It is recommended that merchants use hash validation with the Secure Payment Profiles web form. This added security measure checks the integrity of a request string when data is submitted to the Bambora system.
With hash validation, two additional values can be passed when a profile is created or modified:
- hashValue: This parameter is used to verify that data was not modified in transit. Once hash validation is activated, this is a mandatory value.
- hashExpiry: This parameter is an optional field that can be used to set a session expiry time. If a request string is received after the hashExpiry time, the request is rejected.
Enabling Hash Validation for the Hosted Webform
- Log in to the Online Member Area
- On the menu, click configuration> payment profile webform.
- Select the Use hash validation on webform check box.
- Enter a Hash Key. It can any alphanumeric string consisting of up to 128 characters.
- For the Hash Algorithm, select MD5 or SHA-1.
Bambora uses the Hex variation of these Hash Algorithms for authentication.
This option only activates hash validation for the hosted Secure Payment Profiles webform. To use hash validation when processing a transaction against a profile, activate the setting under administration> order settings> Payment Gateway> Security/Authentication.