CyberSource
Implementing CyberSource as payment provider
CyberSource is a credit card payment gateway that allows full customization of checkout and error pages, and still simplifies PCI compliance by posting credit card data directly to secure CyberSource servers.
This checkout handler uses the new Secure Acceptance Protocol for CyberSource to ensure that it’s updated and fully compliant with CyberSource requirements.
You can read more about Cyber Source at their website.
Note
- The CyberSource checkout handler requires a SSL certificate to protect your customer payment information
- The provider supports using TLS 1.2.
CyberSource provides a Sandbox environment for testing purposes. This sandbox mimics the live payment gateway experience but doesn't execute real transactions. CyberSource doesn't send sandbox transactions to financial institutions for actual processing.
You can sign up for an CyberSource sandbox here.
To configure CyberSource you need the following 5 keys:
- Merchant id - This is the name of your sandbox account
- Profile id - This is a security key generated in the CyberSource Business Center under: Tools & Settings > Profiles > Security
- Access key - This is the public component of the security key
- Secret key - This is the secret component of the security key The guide on how to get the Access and Secret key can be found here
- Certificate - The guide on how to obtain the latest certificates can be found here
You must also:
Choose the transaction type:
- With Sale, the amount is sent for authorization, and if approved, is automatically submitted for settlement
- With Authorization (order amount), the order is authorized at AuthorizeNET and then you can manually authorize from ecommerce backend order list. This is used for usual transactions
- With Authorization (zero amount), all transactions are zero authorized. Capture is performed through AX or similar and you can carry out account verification checks to check the validity of a Visa/MasterCard Debit or credit card
Select a Work mode:
- Choose Production when you are ready to go live
- Choose Test to simulate payment transactions without involving real money transfers
Furthermore, you can:
- Force tokenization forces the token to be saved on order or card for logged in users who have not chosen “Save card”
- Customize any templates you want to use
- The payment template renders the Cyber Source payment app
- The Cancel and Error templates render cancellation and error messages
- Select a Window Mode, if the payment window should redirect or if it should be embedded
Cybersource also supports AVS (Address Verification System) validation:
- Review AVS codes should contain the AVS codes you want to receive an AVS validation for
- When Ignore AVS results is checked, you will receive no AVS declines
- Approve AVS Code should contain a comma-separated list of AVS codes which will permit the transaction to be approved
Before going live, you should test your setup thoroughly. Test credit card numbers to test the authorization, capture, and credit services can be found here. Do not use real credit card numbers.
The general testing responses are:
Input | Expected response |
---|---|
Input: purchaseTotals_grandTotalAmount = 1 Info = Valid Transaction |
decision=ACCEPT reasonCode=100 ccAuthReply_processorResponse=00 |
Input: purchaseTotals_grandTotalAmount = -1 Info = Invalid Amount < $0 |
decision=REJECT reasonCode=102 |
Input: purchaseTotals_grandTotalAmount = 100000000000 Info = Invalid Amount; amount too large |
decision=REJECT reasonCode=102 |
Input: card_accountNumber = Info = Empty credit card number |
decision=REJECT reasonCode=101 |
Input: card_accountNumber = 4111111111111112 Info = Invalid Luhn Mod 10 |
decision=REJECT reasonCode=231 |
Input: card_accountNumber = 412345678912345678914 Info = 21-digit credit card number; Mod 10 OK |
decision=REJECT reasonCode=231 |
Input: card_expirationMonth = 13 Info = Invalid expiration month |
decision=REJECT reasonCode=102 |
Input: card_expirationYear = 1998 Info = Expiration date passed |
decision=REJECT reasonCode=202 |