The error:
Security header is not valid
Means that the username, password, or security key are invalid.
It appears there may be a bug associated with having dollar signs in the security key. I downloaded the webassist/ecart/checkout/credentials/gateways.php file and encoded the dollar signs on line 13. Let me know if that fixes the issue. If not, verify lines 11-13 of that file have the correct credentials.