Latest Update From Authorize Net About Relay Response Security update and White Listing
If you are using Authorize Net as your payment gateway, you should recently get an email from them about this :
Dear Authorize.Net Merchant: Authorize.Net is enhancing security with our hosted payment form (Server Integration Method (SIM) or Direct Post Method (DPM)) with Relay Response and white listing what url(s) can be used with this integration method. We have identified that you are using our hosted payment form (SIM or DPM) with Relay Response but you do not have a Relay Response url(s) listed in your Merchant Interface settings for white listing/approval. On 08/15/2019 we plan on enhancing the white listing for Relay Response and will require the Relay Response url(s) or domain(s) to be listed. If it is not, the request will be rejected with Response Code 14 and this will prevent the payment form from loading successfully. This is to enhance security for both merchants and customers. As a part of this update, we will no longer check the full url instead we will check the domain matches with any Relay Response url(s) passed in the API field x_relay_url for SIM and DPM. To assist with this update, Authorize.Net will add, to your account settings, the domains we see used on your account for the month of June 2019 to help prevent any issues.
Or you can also read from their announcement page below:
For existing VPCart customers that use our very latest VPCart Authorize Net Accept JS or Accept Hosted Gateway, you can ignore their latest email about this.
The latest version of VPCart Authorize Net Accept JS and Accept Hosted Gateway is no longer passing the Relay Response URL (x_relay_url) from the API, as it is intended for the older version SIM and DPM use.
For VPCart merchants that are still using the older version of Authorize Net AIM / SIM / DPM, then please immediately download our Accept Js or Accept Hosted Gateway as replacement. Please read more about this at:
If you have any questions regarding this, you can submit a helpdesk ticket to us.