You are here

2016 - Authorize.Net was broken, appears to be fixed

Subscribe to Syndicate

Updated April 6, 2016

For venues using authorize.net, the issues authorizing cards was caused by authorize.net making production server changes and eliminating an important bit of deader information in the credit card authorization response send back to Theatre Manager. As noted in the developer comments for the day, they removed an important bit of information - the 'content-length' header which contains the size of the message being returned. This is a very important part of all https requests - and was restored towards the end of the day.

April 5, 2016

If you use authorize.net and Theatre Manager 10.05.xx, you may be running into issues authorizing and/or settling your credit card batches. Authorize.net indicated they would throw the switch to require TLS 1.2 sometime after they sent a warning letter to merchants in September 2015. In that letter, Authorize.net said they would follow the PCI council mandate for TLS 1.2 before June 2016.

Well, April 4th, 2016 is as good a day as any. We've had a few venues (using TM 10.05.xx) tell us that Authorize.net does not like the settlement message we've been sending for years while others (using 10.06.xx) are working fine. The conclusion is that authorize.net threw the switch to require TLS 1.2

What is TLS 1.2 anyway?

It is simply a more secure encryption mechanism compared to TLS 1.1 or earlier (which have been cryptographically compromised).

How to I solve the problem?

Theatre Manager has supported TLS 1.2 for months. If you are still using TM 10.05, you may need to download the installer (below) and put it on ALL workstations and ALL Theatre Manager Server machines (or you could update to TM 10.06). If you are using Theatre Manager 10.06, you are ok (it has been available since Oct 2016)

If you are using version 10.05.45 (and do not want to update to 10.06 yet), please re-install version 10.05.45 using the links below.

This currently only affects venues with Theatre Manager version 10.05 using authorize.net for merchant services. We suspect Orbital, Bambora, Moneris and Elavon will follow very soon because it is a forthcoming PCI requirement.

There is a potential catch 22 if you are on a Mac using OSX 10.08 and earlier. Safari on those versions of OSX do not support TLS1.2 to connect to our web site (we have to be PCI compliant too). Instead, use Chrome or Firefox if you need to.