One of my customers received this email today from WP. I am hoping some one with more knowledge than I will be able to make any necessary changes to this mod to comply with the change.
Thank You
Dave G
We have made a change to MD5, a feature which you currently use to protect the transaction parameters you send to our payment service for processing. This is an essential update, which we have made to improve security.
As a result of making this change, we now need to ask you to make some small adjustments to your payment service. Importantly, you will need to make these by the 31st of May 2011 in order to continue with your current method of using MD5.
**** What is MD5? ***
MD5 is a security feature that is used to verify that the transaction submission parameters supplied by your website to our payment gateway have not been tampered with. When enabled, it allows you to secure your choice of parameters and ensure these cannot be modified by a fraudster who could potentially change details of what has been purchased, or the amount of the transaction.
**** What changes do you need to make and important dates? ***
The changes you need to make require some small adjustments to the way in which you currently pass the ‘signatureFields’ parameter. This parameter is used by your system to list the transaction parameters that must be encrypted. It is currently sent in your order details submission.
>From today, you will be able to choose between two different methods of signing your transactions. The specific changes that you will need to make will depend on which of these your system uses to generate the MD5 signature:
Static Signatures (recommended method of generating MD5 signatures)
Merchants, who encrypt the same transaction parameters for every transaction, must now specify their signatureFields value in their Installation Settings located in the Merchant Administration Interface. Please note that this replaces the need to send the signatureFields parameter in your order details submission.
Dynamic Signatures
If however your system encrypts different transaction parameters for each transaction passed, you must now add the signatureFields parameter in the string used to calculate the MD5 signature and replace the current colon separation of parameters with semi colons.
It is important that you make the required changes by the 31st of May 2011.
*** Next steps ***
For further information and about this update and instructions on how to make the required changes please read the news page entitled ‘MD5 Update,’ by following the link below:
http://www.rbsworldpay.com/support/b...s&sub=md5&c=UK




