What happened to MD5 support in Authorize.net?

As of March 2019, Authorize.net phased out the MD5 based hash previously used for transaction response verification in favor of the SHA-512 based hash utilizing a signature key. If you are running an xTuple ERP version prior to 4.12, you must disable the Authorize.net MD5 hash features on the xTuple credit card configuration screen. More specifically, you should clear the MD5 Hash field turn OFF the Set on Gateway option.

Support for the new signature key feature is added beginning with xTuple ERP version 4.12, and later.

NOTE: The MD5 and signature key hash features are both optional data validation tools. They are not required and do not relate to data encryption. Data flowing from xTuple will continue to be encrypted whether a validation hash is used or not.

For more information, please see the article "MD5 Hash End of Life & Signature Key Replacement."