On This Page
Release Notes
These release notes cover all releases to the production server for the week ending
March 6, 2026
.Announcements
These announcements are for
March 6, 2026
.Webhooks Updates
Webhooks version 1 will be decommissioned in April 2026. See Webhooks version 2 in the Developer Center.
TLS Updates
We are making changes to our implementation of Transport Layer Security (TLS).
TLS 1.3
To maintain the highest security standards for both browser-based and server-to-server
connections, we will enable TLS 1.3 on the endpoints listed below. This enhancement is
optional and will supplement the existing TLS 1.2 support, which will remain in place with
no plans for removal.
We will make changes to these endpoints on these dates:
Testing environment
: May 26, 2026ics2wstesta.ic3.com
ics2wstest.ic3.com
apitest.cybersource.com
Production environment
: June 2, 2026ics2wsa.ic3.com
ics2ws.ic3.com
api.cybersource.com
api.in.cybersource.com
ics2ws.in.ic3.com
Contact Customer Support if you have any questions about these changes.
TLS Certificate Lifetime Reduction
In alignment with new CA/Browser Forum regulations, the maximum TLS certificate lifetime
will be reduced gradually as follows:
• From today until March 15, 2026, the maximum lifetime for a TLS certificate is 398
days.
• March 15, 2026, the maximum lifetime for a TLS certificate will be 200 days.
• March 15, 2027, the maximum lifetime for a TLS certificate will be 100 days.
• March 15, 2029, the maximum lifetime for a TLS certificate will be 47 days.
Review the information in this blog for more information about the TLS certificate
lifetime changes:
How will this change impact connectivity?
Server level (leaf) SSL/TLS certificates issued by Cybersource will remain valid until
their scheduled expiration. Server level (leaf) TLS certificates have shorter lifespans and
must be reissued more frequently. Cybersource therefore recommends that clients trust the
root certificate instead.
What is our recommendation?
We continue to recommend trusting the Root TLS certificates for all secure
endpoints. This approach removes the need for periodic renewal of server level certificates
and helps prevent connection failures caused by expired leaf certificates.
How can I tell what TLS certificate I am using?
Contact your server administrator or your network support team.
Where can I find the TLS Root certificate?
Continue trusting the root certificate to maintain connectivity with supported endpoints. You
can download the root certificate from this article:
Contact your Customer Support representatives for any questions you may have about this
change.
Features Introduced This Week
AFT and OCT Transactions | RM-42567
AFT and OCT Transactions
| RM-42567- Description
- This release enhances the payment authorization API for Account Funding Transactions (AFTs) and Original Credit Transaction (OCTs). The response message contains the source of the funding in thepayments.card.vpc-edqp-afs-enhancementfield.
- Mandate
- Does not apply.
- Audience
- Merchants who accept AFT and OCT payments.
- Benefit
- The funding source is needed to support Visa Flexible Credential. This would help to apply credit card surcharges.
- Technical Details
- None.
- Important Dates
- Released to production March 4, 2026.
Fixed Issues
Vantiv Transactions | RM-41337
Vantiv Transactions
| RM-41337- Description
- Transactions processed through Vantiv will now time out after 30 seconds.
- Audience
- Merchants who process transactions through Vantiv.
- Technical Details
- None.
- Important Dates
- March 4, 2026.
Known Issues
Transaction Search | EPS-36336
Transaction Search
| EPS-36336- Description
- Applications that are showing as Challenge or Not Run in Transaction Search will instead show as Failed in Similar Search.
- Audience
- Users of Similar Search in the Business Center.
- Technical Details
- None.
- Workaround
- No.
Visa Platform Connect Transactions | EPS-36391
Visa Platform Connect Transactions
| EPS-36391- Description
- All transactions using 3-digits exponent currency must be performed with the last digit as a zero. If a transaction is sent with different last digit (1-9), we will adjust the value to0.
- Audience
- Merchants using 3-digits exponent currencies through Visa Platform Connect.
- Technical Details
- A discrepancy was found specifically for credit authorization transactions, where an initial authorization and settlement transaction performed without a 0 does not benefits from the same logic, leading to rejections from Visanet.
- Workaround
- Until further notice, consider performing an authorization and settlement transaction with the last digit set to zero, in case there is a possibly of future credits on your orders. If you are affected by this issue, consider performing a standalone credit.