I received the following email from Authorize.Net on January 11, 2019:
Authorize.Net is phasing out the MD5 based transHash element in favor of the SHA-256 based transHashSHA2. The setting in the Merchant Interface which controls the MD5 Hash option will be removed by the end of January 2019, and the transHash element will stop returning values at a later date to be determined.
We have identified that you have this feature configured and may be relying on MD5 based transHash in transaction responses for verifying the sender is Authorize.Net.
Please contact and work with your web developer or solutions provider to verify if you are still utilizing MD5 based hash and if still needed to move to SHA-256 hash via Signature Key.
Please refer your developer or solution provider to our Transaction Hash Upgrade Guide for more details and information on this change.
Here’s a link to the “Transaction Hash Upgrade Guide”: