Payment Services

Various services are used to process
payments.
These services enable customers to purchase goods and services. They also enable merchants to receive payments from customer accounts, to provide refunds, and to void transactions.

Authorizations

An authorization confirms that
a payment
card account holds enough funds to pay for a purchase. Authorizations can be made online or offline.

Online Authorizations

Online authorizations provide immediate confirmation of funds availability. The customer's financial institution also reduces the amount of credit available in the customer's account, setting aside the authorized funds for the merchant to capture at a later time. Authorizations for most payment cards are processed online. Typically, it is safe to start fulfilling the order when you receive an authorization confirmation.
An
online authorization confirmation and the subsequent hold on funds expire after a specific length of time. Therefore it is important to capture funds in a timely manner. The issuing bank sets the expiration time interval, but most authorizations expire within
5 to
7 days.
The issuing bank does not inform
Cybersource
when an authorization confirmation expires. By default, the authorization information for each transaction remains in the
Cybersource
database for 180 days after the authorization date. To capture an authorization that expired with the issuing bank, you can resubmit the authorization request.

Offline Authorizations

Online transactions require an internet connection. In situations where the internet is not available, for example, due to an outage, merchants can continue to take credit card payments using offline transactions. An offline authorization is an authorization request for which you do not receive an immediate confirmation about the availability of funds.
Offline authorizations have a higher level of risk than online transactions because they do not confirm funds availability or set aside the funds for later capture. Further, it can take up to 5 days to receive payment confirmations for offline transactions. To mitigate this risk, merchants may choose to fulfill orders only after receiving payment confirmation.

Pre-Authorizations

A pre-authorization enables you to authorize a payment when the final amount is unknown. It is typically used for lodging, auto rental, e-commerce, and restaurant transactions.
For a pre-authorization:
  • The authorization amount must be greater than zero.
  • The authorization must be submitted for capture within 30 calendar days of its request.
  • When you do not capture the authorization, you must reverse it.
    In the U.S., Canada, Latin America, and Asia Pacific, Mastercard charges an additional fee for a pre-authorization that is not captured and not reversed.
    In Europe, Russia, Middle East, and Africa, Mastercard charges fees for all pre-authorizations.
  • Chargeback protection is in effect for 30 days after the authorization.

Payment Network Token Authorizations

You can integrate authorizations with payment network tokens into your existing order management system. For an incremental authorization, you do not need to include any payment network tokenization fields in the authorization request because
Cybersource
obtains the payment network tokenization information from the original authorization request.

Authorization Workflow

This image and description show the authorization workflow:
  1. The customer purchases goods or services from the merchant using a payment card.
  2. You send an authorization request over secure internet connection to
    Cybersource
    . When the customer buys a digitally delivered product or service, you can request both the authorization and the capture at the same time. When the customer buys a physically fulfilled product, do not request the capture until you ship the product.
  3. Cybersource
    validates the order information then contacts your payment processor and requests authorization.
  4. The processor sends the transaction to the payment card company, which routes it to the issuing bank for the customer's payment card. Some card companies, including Discover
    and American Express
    , act as their own issuing banks.
  5. The issuing bank approves or declines the request.
    • If funds are available, the issuing bank reserves the amount of the authorization request and returns an authorization approval to
      Cybersource
      .
    • If the issuing bank denies the request, it returns an authorization denial to
      Cybersource
      .
  6. Cybersource
    runs its own tests then tells you whether the authorization succeeded.

Sales

A sale is a bundled authorization and capture. Some processors and acquirers require a sale transaction instead of using separate authorization and capture requests.
For other processors and acquirers, you can
request a sale instead of a separate authorization and capture when you provide the goods or services immediately after taking an order.
There are two types of sale processing: dual-message processing and single-message processing.

Dual-Message Processing

Dual-message processing is a two-step process. The authorization is processed first. If the authorization is successful, the capture is processed immediately afterward. The response includes the authorization and the capture information. If the authorization is declined, the capture is not processed, and the response message includes only the authorization information.

Partial Authorizations

All debit and prepaid card processors as well as a limited number of credit card processors support partial authorizations when dual-message processing is in place.
When partial authorization is enabled, the issuing financial institution can approve a partial amount when the balance on the card is less than the requested amount. When a partial amount is authorized, the capture is not processed. The merchant can then use a second card to cover the balance, adjust the total cost, or void the transaction.

Single-Message Processing

Single-message processing treats the authorization and capture as a single transaction. There are important differences between dual-message processing and single-message processing:
  • Single-message processing treats the request as a full-financial transaction, and with a successful transaction, funds are immediately transferred from the customer account to the merchant account.
  • Authorization and capture amounts must be the same.
  • Some features cannot be used with single-message processing.

Authorization Reversals

The authorization reversal service releases the hold that an authorization placed on a customer’s payment card funds.
Each card-issuing financial institution has its own rules for deciding whether an authorization reversal succeeds or fails. When a reversal fails, contact the card-issuing financial institution to learn whether there is a different way to reverse the authorization.
If your processor supports authorization reversal after void (ARAV), you can reverse an authorization after you void the associated capture. If your processor does not support ARAV, you can use the authorization reversal service only for an authorization that has not been captured and settled.
An authorization reversal is a follow-on transaction that uses the request ID returned from an authorization. The main purpose of a follow-on transaction is to link two transactions. The request ID links the follow-on transaction to the original transaction. The authorization request ID is used to look up the customer’s billing and account information in the
Cybersource
database. You are not required to include those fields in the full authorization reversal request. The original transaction and follow-on transaction are linked in the database and in
the
Business Center
.
For processors that support debit cards and prepaid cards, the full authorization reversal service works for debit cards and prepaid cards in addition to credit cards.
You cannot perform an authorization reversal if a transaction is in a review state, which can occur if you use a fraud management service. You must reject the transaction prior to authorization reversal. For more information, see the fraud management documentation in
the
Business Center
.

Automatic Partial Authorization Reversals

Automatic partial authorization reversals are supported for:
  • Credit cards
  • Debit cards and prepaid cards.
  • Quasi-cash.
If the capture amount is less than the authorization amount,
Cybersource
automatically performs a partial authorization reversal before it sends the capture request to the processor. The results of a successful partial authorization reversal are:
  • The capture amount matches the new authorization amount at the payment card company.
  • The hold on the unused credit card funds might be released. The issuing bank decides whether or not to release the hold on unused funds.
    Not all issuers act on a request for a partial authorization reversal. Therefore,
    Cybersource
    cannot guarantee that the funds will be released.

Captures

A capture is a follow-on transaction to an authorization. It is used to transfer the authorized funds from the customer's account to the merchant account. To link the authorization transaction to the capture transaction, you include a request ID in your capture request. This request ID is returned to you in the authorization response.
Captures are typically not performed in real time. They are placed in a batch file and sent to the processor, and the processor settles all of the captures at one time. In most cases, these batch files are sent and processed outside of the merchant's business hours. It usually takes 2 to 4 days for the acquiring financial institution to deposit the funds into the merchant account.
When fulfilling only part of a customer’s order, do not capture the full amount of the authorization. Capture only the cost of the delivered items. When you deliver the remaining items, request a new authorization, and then capture the new authorization.
It is not possible to perform a capture if a transaction is in a review state, which can occur if you use a fraud management service. You must accept the transaction prior to capture. For more information, see the fraud management documentation in
the
Business Center
.

Capture Workflow

The capture workflow begins when you send a request for a capture.
  1. The merchant sends a request for a capture to
    Cybersource
    .
  2. For online captures,
    Cybersource
    validates the order information then sends an online capture to the payment processor.
    For offline captures,
    Cybersource
    stores the capture request in a batch file and sends the batch file to the payment processor after midnight.
  3. The processor validates the request and forwards it to the issuing bank.
  4. The issuing bank transfers funds to the acquiring bank.
The payment processor does not notify
Cybersource
that the money has been transferred. To ensure that all captures are processed correctly, you should reconcile your capture requests with the capture reports from your processor.

Credits

Credits are payment refunds from a merchant to the cardholder after a cardholder pays for a product or service and that payment is captured by the merchant. When a credit request is successful, the issuer transfers funds from the merchant bank (acquirer) account to the customer's account. It typically takes 2 to 4 days for the acquirer to transfer funds from your merchant account.
You should carefully control access to the credit service. Do not request this service directly from your customer interface. Instead, incorporate this service as part of your customer service process. This process reduces the potential for fraudulent transactions.
There are two basic types of credits:
follow-on credits
and stand-alone credits.

Follow-On Credits

Follow-on credits, also known as
refunds
, use the capture request ID to link the refund to a specific transaction. This request ID is returned during the capture request (also known as a
settlement
) and is used in all subsequent refunds associated with the original capture. The request ID links the transaction to the customer’s billing and account information, so you are not required to include those fields in the credit request. However, when you combine a request for a refund with a request for another service, such as the tax calculation service, you must provide the customer’s billing and account information.
Unless otherwise specified, refunds must be requested within 180 days of a settlement. You can request multiple refunds against a single capture. To perform multiple refunds, use the same request ID in each request.

Stand-Alone Credits

Stand-alone credits are not tied to an original transaction. Stand-alone credits do not have a time restriction, and they can be used to issue refunds more than 180 days after a transaction settlement.

Credit Workflow

The credit workflow begins when you send a request for a credit.
A credit does not happen in real time. All of the credit requests for a day are typically placed in a file and sent to the processor as a single
batch
transaction. In most cases, the batch transaction is settled overnight.
  1. The merchant sends a request for a credit to
    Cybersource
    .
  2. For online credits,
    Cybersource
    validates the order information then sends an online credit to the payment processor.
    For offline credits,
    Cybersource
    stores the credit request in a batch file and sends the batch file to the payment processor after midnight.
  3. The processor validates the request and forwards it to the acquiring bank.
  4. The acquiring bank transfers funds to the issuing bank.

Voids

A void cancels a capture or credit request that was submitted but not yet processed by the processor.
Capture and credit requests are usually submitted once a day. A void request is declined when the capture or credit request has already been sent to the processor.
After a void is processed, you cannot credit or capture the funds. You must perform a new transaction to capture or credit the funds. Further, when you void a capture, a hold remains on the authorized funds. If you are not going to re-capture the authorization,
and if your processor supports authorization reversal after void (ARAV),
you should request an authorization reversal to release the hold on the unused funds.
A void uses the capture or credit request ID to link the transactions. The authorization request ID is used to look up the customer’s billing and account information, so there is no need to include those fields in the void request. You cannot perform a follow-on credit against a capture that has been voided.