CBSubs gateway notifications and errors

A client reported issues with payments for subscriptions as they have renewals beginning each year.

I looked into the notifications and observed two frequent log entries in addition to completed payments.

Log Type: IPN notificaton invalid hash / Fraud attempt
Reason code: ARB-Silent: ARB silent post Hash check failed

Log Type: Error returned by gateway (single payment)
Reason code: 11

I realized I did not have an MD5 hash set in Authorize.net nor the gateway setting in CBSubs, so I hope that fixes the first issue, but please advise if it's something else. If this is required input to avoid the error/notification perhaps the field in the gateway settings should be mandatory?

I'm not sure what the cause for #2 is. Authorize.net says that Error 11 is the result of a duplicate transaction being submitted . Why would that be happening? I assumed users are possibly being click-happy, but it has happened 25 times since Dec. 31, which seems very high.

I realized I did not have an MD5 hash set in Authorize.net nor the gateway setting in CBSubs, so I hope that fixes the first issue, but please advise if it's something else. If this is required input to avoid the error/notification perhaps the field in the gateway settings should be mandatory?

It's due to the hash check failing, which failed due to not supplying the hash in your gateway settings. Supplying the hash should resolve this for future purchases.

I'm not sure what the cause for #2 is. Authorize.net says that Error 11 is the result of a duplicate transaction being submitted . Why would that be happening? I assumed users are possibly being click-happy, but it has happened 25 times since Dec. 31, which seems very high.

It maybe retries since the hash check has been failing. You'll need to review the details of the notification see what exactly is happening. It's possible the payment went through, but CBSubs rejected it due to the hash check. You'll need to check your received payments to be sure.

Thanks for answering Krileon. A few more payments were made since I set the hash value in Authorize.net and updated the payment gateway setting to match. There are still notices for every transaction, even the completed ones, that say:
IPN notificaton invalid hash / Fraud attempt
ARB-Silent: ARB silent post Hash check failed

Any ideas? I'm sure there was no typo, but I have re-set a new hash value in both places to test further. I wondered if a space in the hash value was an issue, but it's fine according to Authorize.net :

Note that the MD5 Hash Value can be up to 20 characters long, including upper- and lower-case letters, numbers, spaces, and punctuation. More complex values will be more secure.

There have been more transactions since changing and updating the hash value in both Authorize.net and the payment gateway setting in CBSubs. The same error message occurs with each transaction.

Everything is up to date. I'm at a loss. Any ideas?

Are you altering the price at Authorize.net? Adding a fee of some sort? That sometimes can cause the validation checks to fail as it also is trying to be sure they're paying the right amount for the basket.

I'll be looking into this Authorize.net MD5 issue. Something has changed on Authorize.net side for recurring payments with ARBs. Would it be possible to send me by Private Message (PM) or embed in here with the [ confidential ] tag (lock in full editor), one of the notifications entries corresponding to the failed MD5 hash, in particular the raw part ? Thank you in advance.