Viet Anh
Jan 8, 2019
  2984
(2 votes)

DIBS payment provider supports SHA-256

In CommercePaymentGateways source code version 12.15.1 , we made changes in DIBS payment gateway. 

In previous versions, DIBS payment uses MD5 keys to secure the communication between the Commerce website and the DIBS server. However, it's less secure. 

DIBS also support sha-256 encryption, using HMAC key. From version 12.15.1, our DIBS payment gateway uses HMAC key for encryption. The entire payment request is encrypted and verified at DIBS server. In case the payment data (for example the total amount, or currency) doesn't match the encrypted value, then the transaction is rejected. 

The new API supports almost payment functions, comparing to the old API. Except the methods for split auth and split capture. And the merchant account need to contact DIBS support to enable the HMAC key. But overall, it's good and ensure the safety of transactions.

In case you still want the old API (with MD5 keys), then simply get the old package of CommercePaymentGateways. Then follow the DIBS installation guide here. We updated the steps for both old and new versions.

Hope this helps.

Jan 08, 2019

Comments

Please login to comment.
Latest blogs
Custom form element view in Optimizely CMS 12

Do you want full control over the form element markup? Create your own views!

Tomas Hensrud Gulla | Dec 11, 2024 | Syndicated blog

How to Elevate Your Experimentation - Opticon workshop experience

As a non-expert in the field of experimentation, I’d like to share my feedback on the recent Opticon San Antonio workshop session titled "How to...

David Ortiz | Dec 11, 2024

Persisting a Strawberry Shake GraphQL Client for Optimizely's Content Graph

A recent CMS project used Strawberry Shake to generate an up-to-date C# GraphQL client at each build. But what happens to the build if the GraphQL...

Nicholas Sideras | Dec 11, 2024 | Syndicated blog

Opti ID with Secure Cookies And Third Party AddOns

Opti ID has revolutionised access to the Optimizely One suite and is now the preferred authentication method on all PAAS CMS websites that I build....

Mark Stott | Dec 9, 2024

AsyncHelper can be considered harmful

.NET developers have been in the transition to move from synchronous APIs to asynchronous API. That was boosted a lot by await/async keyword of C#...

Quan Mai | Dec 4, 2024 | Syndicated blog

The search for dictionary key

Recently I helped to chase down a ghost (and you might be surprised to know that I, for most part, spend hours to be a ghostbuster, it could be fun...

Quan Mai | Dec 4, 2024 | Syndicated blog