RM-26947
- Description
- Secure Acceptance is upgraded to meet a Mastercard mandate. The mandate requires government-owned or-controlled merchants to include the country of origin in authorization requests. To accommodate this mandate, a new request field has been added to the API. See Technical Details for the field description.
- Audience
- All merchants using Secure Acceptance.
- Benefit
- Compliance with the Mastercard mandate.
- Technical Details
- The new field ismerchant_descriptor_countryoforigin. Set the value of this request field to a valid two-character ISO country code.
- Important Dates
- Released to Production February 27, 2024.
RM-26947
- Description
- A new response field was added to Secure Acceptance which contains a category code that can help merchants build their own retries. For field description, see Technical Details.
- Audience
- All merchants using Secure Acceptance.
- Benefit
- Increased success rates for retried transactions.
- Technical Details
- The new field isauth_insights_response_category_code. Supported values include:
- 01: Issuer Will Never Approve
- 02: Issuer Can't Approve at this Time
- 03: Issuer Can't Approve with these Details
- 04: Generic Error
- 98: Others
- 99: Payment Insights Response Category Match Not Found
- Important Dates
- Released to Production February 27, 2024.
RM-26973
- Description
- Cybersource-issued P12 keys are now secured with a password set by the user during key generation in the Business Center. This password must be securely stored by the user to open the key file or for use with your API implementation. Existing P12 keys will continue to work as normal.
- Audience
- Users of Cybersource P12 keys, including merchant and portfolio accounts.
- Benefit
- Enhanced security and user control.
- Technical Details
- Review the following considerations:Simple Order APIWithin the configuration file (for example,*.properties,*.config, and*.ini) there should be a variable for the password of the P12 key. Within the Simple Order Javacybs.propertiesfile it is calledkeyPassword. This variable may not have been set previously or may have been commented out. Please uncomment and enter the password you set during key generation.REST API JSON Web Tokens (JWT)You must reference the correct password to access the private key that is necessary to generate the JWT. Some implementations may read the P12 key or individual keys within. Depending on your implementation, you might need to extract the private key with the new password or reference the password in your implementation in place of the current default password.Batch File Upload and Account Updater UploadProgrammatic Batch Upload and Account Updater Upload both reference the P12 key file. In the Cybersource sample, thepassPhrasevariable is used to access the P12 key. Please set this value in the code, keystore, and properties file to the new password and not the previous default password.
- Important Dates
- Released in the Production environment February 28, 2024.
RM-26973
- Description
- P12 keys are now generated with an enhanced HmacPBESHA-256 algorithm. This may cause older SDKs or Operating Systems to be unable to access the key.
- Audience
- Users of Cybersource P12 keys, including merchant and portfolio accounts.
- Benefit
- Enhanced security and data integrity.
- Technical Details
- Ensure that your operating systems and SDKs are updated to support HmacPBESHA-256.
- Important Dates
- Released in the Production environment February 28, 2024.