Flexible Token
- Recent Revisions
- REST Components
- Registration
- Authentication
  - Create a Shared Secret Key for HTTP Signature Authentication
  - Create a P12 Certificate for JSON Web Token Authentication
- Generate the Header
  - HTTP Signature Authentication
  - JSON Web Token Authentication
- Flex API
  - Secure Acceptance Flexible Token SDKs
  - Secure Acceptance Flexible Token API
  - Generate Key
    - Authentication
    - Examples
  - Tokenize Card
    - Examples
- Flex Microform 0.11
  - Getting Started
    - Creating the Server-Side Context
    - Setting Up the Client Side
      - Transient Token Time Limit
      - Transient Token Response Format
      - Validating the Transient Token
      - Using the Transient Token
    - Getting Started Examples
  - Styling
  - Events
  - Security Recommendations
  - PCI DSS Guidance
  - API Reference
    - Class: Field
    - Module: FLEX
    - Class: Microform
    - Class: MicroformError
    - Events
    - Global
- Previous Version
  - Flex Microform 0.4.4
    - Getting Started
    - Styling
    - Events
    - Security Recommendations
    - PCI DSS Guidance
    - API Reference
      - Module: FLEX 0.4.4
      - Class: MicroformError 0.4.4
      - Class: MicroformInstance 0.4.4
      - Events 0.4.4
      - Global 0.4.4

Flex Microform 0.4.4

Flex Microform is a Cybersource-hosted page that replaces the card number input field and calls the Flex API on your behalf.

You can style this page to look like and behave the same as any other field on your website. This might qualify you for PCI DSS assessments based on SAQ A.

Flex Microform provides the most secure method for tokenizing card data. Sensitive data is encrypted on the customer’s device before HTTPS transmission to Cybersource. This method mitigates any compromise of the HTTPS connection by a man-in-the-middle attack.

How It Works

Flex Microform allows you to focus on creating the best possible checkout experience for your customers.

The provided JavaScript library enables you to replace the sensitive card number input field with a secure iframe (hosted by Cybersource), that captures data on your behalf. This embedded field will look and feel just like any other input in your checkout process, allowing you to create a smooth, user-friendly experience.

When captured, the card number is replaced with a mathematically irreversible token that can be used only by you. The token can be used in place of the card number for follow-on transactions in existing Cybersource APIs.

PCI Compliance

The least burdensome level of PCI compliance is SAQ A. To achieve this compliance, sensitive payment data must be captured securely by a validated payment provider.

To meet this requirement, Flex Microform renders a secure iframe containing the card number input. This iframe is hosted by Cybersource and payment data is submitted directly to Cybersource through the secure Flex API , thus never touching your systems.

As user experience is an integral part of any modern e-commerce application, we provide all the tools required to blend seamlessly with your checkout experience. Various event hooks and styling options are available to facilitate, maximizing customizability without compromising PCI compliance.

Browser Support

Internet Explorer 11 or later

Edge 13 or later

Firefox 21 or later

Chrome 11 or later

Safari 6.1 or later

Opera 15 or later

Security Recommendations

PCI DSS Guidance

API Reference

On This Page