CyberSource

Implementing CyberSource as payment provider

CyberSource is a credit card payment gateway that allows full customization of checkout and error pages, and still simplifies PCI compliance by posting credit card data directly to secure CyberSource servers.

This checkout handler uses the new Secure Acceptance Protocol for CyberSource to ensure that it’s updated and fully compliant with CyberSource requirements.

Note

The CyberSource checkout handler requires a SSL certificate to protect your customer payment information
The provider supports using TLS 1.2.

CyberSource provides a Sandbox environment for testing purposes. This sandbox mimics the live payment gateway experience but doesn't execute real transactions. CyberSource doesn't send sandbox transactions to financial institutions for actual processing.

You can sign up for an CyberSource sandbox here.

To configure CyberSource you need the following 5 keys:

Merchant id - This is the name of your sandbox account
Profile id - This is a security key generated in the CyberSource Business Center under: Tools & Settings > Profiles > Security
Access key - This is the public component of the security key
Secret key - This is the secret component of the security key The guide on how to get the Access and Secret key can be found here
Certificate - The guide on how to obtain the latest certificates can be found here

You must also:

Choose the transaction type:

With Sale, the amount is sent for authorization, and if approved, is automatically submitted for settlement
With Authorization (order amount), the order is authorized at AuthorizeNET and then you can manually authorize from ecommerce backend order list. This is used for usual transactions
With Authorization (zero amount), all transactions are zero authorized. Capture is performed through AX or similar and you can carry out account verification checks to check the validity of a Visa/MasterCard Debit or credit card

CyberSource transaction

Select a Work mode:

Choose Production when you are ready to go live
Choose Test to simulate payment transactions without involving real money transfers

Furthermore, you can:

Force tokenization forces the token to be saved on order or card for logged in users who have not chosen “Save card”
Customize any templates you want to use
- The payment template renders the Cyber Source payment app
- The Cancel and Error templates render cancellation and error messages
Select a Window Mode, if the payment window should redirect or if it should be embedded

Cybersource also supports AVS (Address Verification System) validation:

Review AVS codes should contain the AVS codes you want to receive an AVS validation for
When Ignore AVS results is checked, you will receive no AVS declines
Approve AVS Code should contain a comma-separated list of AVS codes which will permit the transaction to be approved

Before going live, you should test your setup thoroughly. Test credit card numbers to test the authorization, capture, and credit services can be found here. Do not use real credit card numbers.

The general testing responses are:

Input	Expected response
Input: purchaseTotals_grandTotalAmount = 1 Info = Valid Transaction	decision=ACCEPT reasonCode=100 ccAuthReply_processorResponse=00
Input: purchaseTotals_grandTotalAmount = -1 Info = Invalid Amount < $0	decision=REJECT reasonCode=102
Input: purchaseTotals_grandTotalAmount = 100000000000 Info = Invalid Amount; amount too large	decision=REJECT reasonCode=102
Input: card_accountNumber = Info = Empty credit card number	decision=REJECT reasonCode=101
Input: card_accountNumber = 4111111111111112 Info = Invalid Luhn Mod 10	decision=REJECT reasonCode=231
Input: card_accountNumber = 412345678912345678914 Info = 21-digit credit card number; Mod 10 OK	decision=REJECT reasonCode=231
Input: card_expirationMonth = 13 Info = Invalid expiration month	decision=REJECT reasonCode=102
Input: card_expirationYear = 1998 Info = Expiration date passed	decision=REJECT reasonCode=202

Table of Contents

CyberSource

Note