diff --git a/ogone/includes/OgonePaymentMethodController.inc b/ogone/includes/OgonePaymentMethodController.inc
index 07935d9..37fdbc8 100644
--- a/ogone/includes/OgonePaymentMethodController.inc
+++ b/ogone/includes/OgonePaymentMethodController.inc
@@ -488,7 +488,7 @@ class OgonePaymentMethodController extends PaymentMethodController {
 $data = array(
 'AMOUNT' => bcmul($currency->roundAmount($payment->totalAmount(TRUE)), pow(10, $currency->getDecimals())),
 'PSPID' => $payment->method->controller_data['pspid'],
- 'ORDERID' => $payment->pid,
+ 'ORDERID' => ogone_get_orderid_from_pid($payment->pid),
 'CURRENCY' => $payment->currency_code,
 'LANGUAGE' => $this->locale(),
 'EMAIL' => user_load($payment->uid)->mail,
diff --git a/ogone/ogone.module b/ogone/ogone.module
index dc7d642..2b3a995 100644
--- a/ogone/ogone.module
+++ b/ogone/ogone.module
@@ -216,7 +216,7 @@ function ogone_form_redirect_access(Payment $payment, $account = NULL) {
 global $user;
 return is_a($payment->method->controller, 'OgonePaymentMethodController')
- && payment_status_is_or_has_ancestor($payment->getStatus()->status, PAYMENT_STATUS_PENDING)
+ && payment_status_is_or_has_ancestor($payment->getStatus()->status, PAYMENT_STATUS_NEW)
 && isset($_SESSION['ogone_pid'])
 && $_SESSION['ogone_pid'] == $payment->pid;
 }
@@ -228,7 +228,7 @@ function ogone_form_redirect_access(Payment $payment, $account = NULL) {
 function ogone_return() {
 $controller = payment_method_controller_load('OgonePaymentMethodController');
 $data = $controller->feedbackData();
- $payment = entity_load_single('payment', $data['ORDERID']);
+ $payment = entity_load_single('payment', ogone_get_pid_from_orderid($data['ORDERID']));
 $payment->method->controller->processFeedback($data, $payment);
 }
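Review bot: The `'ORDERID'` entry in `OgonePaymentMethodController.inc` now gets a fresh suffix every time this array is built, and nothing in the visible hunks records which value was sent. The same payment can therefore reach the gateway under several order ids, and the return handlers only ever recover the pid prefix. If that is intended to allow retries, say so next to the entry, e.g. `// Suffix only makes repeated attempts unique; it is not stored and not verified on return.`; otherwise consider persisting the generated id on the payment and comparing it in the return path. The enclosing method starts and ends outside the hunk.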
@@ -241,10 +241,34 @@ function ogone_return_access() {
 $controller = payment_method_controller_load('OgonePaymentMethodController');
 $data = $controller->feedbackData();
 if (isset($data['ORDERID']) && isset($data['SHASIGN'])) {
- $payment = entity_load_single('payment', $data['ORDERID']);
+ $payment = entity_load_single('payment', ogone_get_pid_from_orderid($data['ORDERID']));
 if ($payment) {
 return $data['SHASIGN'] == $payment->method->controller->signOutgoingData($data, $payment->method);
 }
 }
 return FALSE;
 }
+
+/**
+ * Adds a random hash to the pid for an order id.
+ *
+ * @param $pid
+ * @return string
+ */
+function ogone_get_orderid_from_pid($pid) {
+ return $pid . '-' . substr(sha1(microtime()), 0, 6);
+}
+
+/**
+ * Removes the random hash from an order id to get the pid.
+ *
+ * @param $orderid
+ * @return string
+ */
+function ogone_get_pid_from_orderid($orderid) {
+ if (strpos($orderid, '-') !== FALSE) {
+ return substr($orderid, 0, -7);
+ }
+
+ return $orderid;
+}
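Review bot: `ogone_get_pid_from_orderid()` is applied to `$data['ORDERID']` before the `SHASIGN` comparison in `ogone_return_access()`, yet it accepts any value containing a `-` and drops the last seven characters unconditionally. A short or oddly shaped id, or a non-string value, therefore yields an empty or meaningless pid that is passed straight to `entity_load_single()`. The helper should accept only the two shapes this module produces, a bare pid or a pid followed by `-` and six hex characters, and return FALSE otherwise. The callers here and in `ogone_return()` (previous hunk) should then skip the load on FALSE, e.g. `$payment = $pid ? entity_load_single('payment', $pid) : FALSE;`. The unchanged `$data['SHASIGN'] == …` line is also a loose, non-constant-time comparison; `hash_equals()` would be stricter where the supported PHP version provides it.

```php
function ogone_get_pid_from_orderid($orderid) {
  // The order id is parsed before SHASIGN has been verified, so accept only
  // "<pid>" or "<pid>-<6 hex characters>" as built by
  // ogone_get_orderid_from_pid().
  if (!is_string($orderid) || !preg_match('/\A(\d+)(?:-[0-9a-f]{6})?\z/i', $orderid, $matches)) {
    return FALSE;
  }

  return $matches[1];
}
```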