Features Introduced This Week

RM-26947

Description: Secure Acceptance is upgraded to meet a Mastercard mandate. The mandate requires government-owned or-controlled merchants to include the country of origin in authorization requests. To accommodate this mandate, a new request field has been added to the API. See Technical Details for the field description.
Audience: All merchants using Secure Acceptance.
Benefit: Compliance with the Mastercard mandate.
Technical Details: The new field is
merchant_descriptor_countryoforigin
. Set the value of this request field to a valid two-character ISO country code.
Important Dates: Released to Production February 27, 2024.

RM-26947

Description: A new response field was added to Secure Acceptance which contains a category code that can help merchants build their own retries. For field description, see Technical Details.
Audience: All merchants using Secure Acceptance.
Benefit: Increased success rates for retried transactions.
Technical Details: The new field is
auth_insights_response_category_code
. Supported values include:

01
: Issuer Will Never Approve
02
: Issuer Can't Approve at this Time
03
: Issuer Can't Approve with these Details
04
: Generic Error
98
: Others
99
: Payment Insights Response Category Match Not Found
Important Dates: Released to Production February 27, 2024.

RM-26973

Description: Cybersource-issued P12 keys are now secured with a password set by the user during key generation in the Business Center. This password must be securely stored by the user to open the key file or for use with your API implementation. Existing P12 keys will continue to work as normal.
Audience: Users of Cybersource P12 keys, including merchant and portfolio accounts.
Benefit: Enhanced security and user control.
Technical Details: Review the following considerations:

Simple Order API

Within the configuration file (for example, *.properties
, *.config
, and *.ini
) there should be a variable for the password of the P12 key. Within the Simple Order Java cybs.properties
file it is called
keyPassword
. This variable may not have been set previously or may have been commented out. Please uncomment and enter the password you set during key generation.

REST API JSON Web Tokens (JWT)

You must reference the correct password to access the private key that is necessary to generate the JWT. Some implementations may read the P12 key or individual keys within. Depending on your implementation, you might need to extract the private key with the new password or reference the password in your implementation in place of the current default password.

Batch File Upload and Account Updater Upload

Programmatic Batch Upload and Account Updater Upload both reference the P12 key file. In the Cybersource sample, the
passPhrase
variable is used to access the P12 key. Please set this value in the code, keystore, and properties file to the new password and not the previous default password.
Important Dates: Released in the Production environment February 28, 2024.

RM-26973

Description: P12 keys are now generated with an enhanced HmacPBESHA-256 algorithm. This may cause older SDKs or Operating Systems to be unable to access the key.
Audience: Users of Cybersource P12 keys, including merchant and portfolio accounts.
Benefit: Enhanced security and data integrity.
Technical Details: Ensure that your operating systems and SDKs are updated to support HmacPBESHA-256.
Important Dates: Released in the Production environment February 28, 2024.