Starting from version 3.0.0 of the Adyen plugin for Magento 2, Client Side Encryption (CSE) is replaced with Secured Fields. This moves the encryption of credit card data from your end towards us.
To keep your business secure and continue receiving support from Adyen, you need to upgrade your Adyen plugin to version 3.0.0 or higher.
Not upgrading the plugin makes your business more vulnerable to security breaches where cardholder data can be stolen. This puts the security of your customers and your business at risk, and makes you potentially liable for fines, losses and costs incurred as a result of a breach.
Versions 4.2.0 or higher will also give you native 3D Secure 2, the latest authentication technology.
What you need to do
Upgrade your Adyen plugin:
- Download version 3.0.0 or higher of the Adyen plugin on Github.
- Move the code into your own environment, and follow the instructions below.
Generate an Adyen API key
- Log in to your Adyen Customer Area.
- Go to Account > Users, and click the web service user that you set in your Magento, for example: ws@Company.[YourCompanyAccount].
- Under Authentication, click Generate New API Key.
- Copy and securely store the API Key in your system. If you lose this API Key, you won't be able to restore it later.
- Click Save at the bottom of the page.
Before going live, make sure that your web service user has the Checkout webservice role. If you need to enable this role, contact our Support Team.
Set up the Adyen API key in Magento:
- Log in to your Magento 2 admin panel.
- In the main menu, go to Stores > Configuration.
- In the left navigation bar, go to Sales > Payment Methods.
- Click Adyen All-in-One Payment Solutions.
- In the Required Settings section, fill out the Test: Api-Key / Live: Api-Key fields.
- In the Live endpoint prefix field, enter the unique live url prefix: [random]-[company name].
You can find this in your Adyen Customer Area, under Account> API URLs and Response.