On This Page
Release Notes
These release notes cover all releases to the production server for the week ending
March 20, 2026
.Announcements
These announcements are for
March 20, 2026
.Webhooks Updates
Webhooks version 1 will be decommissioned in April 2026. See Webhooks version 2 in the Developer Center.
TLS Updates
We are making changes to our implementation of Transport Layer Security (TLS).
TLS 1.3
To maintain the highest security standards for both browser-based and server-to-server
connections, we will enable TLS 1.3 on the endpoints listed below. This enhancement is
optional and will supplement the existing TLS 1.2 support, which will remain in place with
no plans for removal.
We will make changes to these endpoints on these dates:
Testing environment
: May 26, 2026ics2wstesta.ic3.com
ics2wstest.ic3.com
apitest.cybersource.com
Production environment
: June 2, 2026ics2wsa.ic3.com
ics2ws.ic3.com
api.cybersource.com
api.in.cybersource.com
ics2ws.in.ic3.com
Contact Customer Support if you have any questions about these changes.
TLS Certificate Lifetime Reduction
In alignment with new CA/Browser Forum regulations, the maximum TLS certificate lifetime
will be reduced gradually as follows:
• From today until March 15, 2026, the maximum lifetime for a TLS certificate is 398
days.
• Beginning March 15, 2026, the maximum lifetime for a TLS certificate will be 200 days.
• Beginning March 15, 2027, the maximum lifetime for a TLS certificate will be 100 days.
• Beginning March 15, 2029, the maximum lifetime for a TLS certificate will be 47 days.
Review the information in this blog for more information about the TLS certificate
lifetime changes:
How will this change impact connectivity?
Server level (leaf) SSL/TLS certificates issued by Cybersource will remain valid until
their scheduled expiration. Server level (leaf) TLS certificates have shorter lifespans and
must be reissued more frequently. Cybersource therefore recommends that clients trust the
root certificate instead.
What is our recommendation?
We continue to recommend trusting the Root TLS certificates for all secure
endpoints. This approach removes the need for periodic renewal of server level certificates
and helps prevent connection failures caused by expired leaf certificates.
How can I tell what TLS certificate I am using?
Contact your server administrator or your network support team.
Where can I find the TLS Root certificate?
Continue trusting the root certificate to maintain connectivity with supported endpoints. You
can download the root certificate from this article:
Contact your Customer Support representatives for any questions you may have about this
change.
Features Introduced This Week
OptBlue Fields | RM-42677
OptBlue Fields
| RM-42677- Description
- This release adds optional American Express OptBlue Sub-Merchant fields to the Templates page in the Business Center, for all VPC processors. The new fields are controlled by a new OptBlue toggle that appears when American Express is selected. The new fields are:
- ID
- Phone
- Email
- Mandate
- None.
- Audience
- Merchants who process transactions through VPC.
- Benefit
- These fields ensure required data is captured for settlement files and prevent American Express transaction rejections.
- Technical Details
- None.
- Important Dates
- Released to production March 19, 2026.
Pay by Link Invoicing | RM-43157
Pay by Link Invoicing
| RM-43157- Description
- This release includes these updates:
- We now send a specific developer ID in the payload for invoices coming from a standard invoice, simple invoice, and the Virtual Terminal's one-time-payment.
- Two new drop-down menu options on the Manage Invoices dashboard to create two different invoices: standard invoice and simple invoice.
- New filter options for My Invoices.
- Mandate
- None.
- Audience
- Users of Invoicing.
- Benefit
- Integration of Virtual Terminal with Pay by Link Invoicing streamlines the process and enhances customer experience.
- Technical Details
- None.
- Important Dates
- Released to production March 18, 2026.
Terminal Details | RM-43720
Terminal Details
| RM-43720- Description
- This release adds a new section called Additional Information to the Terminal Details page in the Business Center. This section contains terminal details, including:
- Battery
- Firmware
- Connection status
- Network
- Time Zone
- Last Access
- Mandate
- Does not apply.
- Audience
- Users of payment terminals.
- Benefit
- Increased visibility into the details of your terminal.
- Technical Details
- None.
- Important Dates
- Released to production March 17, 2026.
Recurring Billing Subscriptions | RM-41823
Recurring Billing Subscriptions
| RM-41823- Description
- This feature gives users more control over their payments by displaying the next five upcoming scheduled payments and allowing them to be marked as Skipped. Users can also reverse this action, returning a payment to its Scheduled status.
- To enhance visibility, the payments table pagination is updated to ten, to show all five upcoming payments along with up to five most recent past payments on the first page.
- A Load More Scheduled button is introduced that allows users to load more upcoming scheduled payments and give the possibility to skip them.
- Mandate
- Does not apply.
- Audience
- Users of Recurring Billing.
- Benefit
- Users will be able to see their upcoming payments and skip or unskip them if needed.
- Technical Details
- None.
- Important Dates
- Released to production March 17, 2026.
Fixed Issues
Invoicing | RM-44111
- Description
- Release fixes the following issues:
- The Payment page sometimes did not load properly on mobile devices.
- Amount-only invoices with zero-amount displayed the wrong message.
- Emails were not working when the status was set to Created after creating an amount-only invoice.
- Incorrect validation message when someone tried to create an amount-only invoice with a zero amount.
- The amount field was displayed twice when the Custom Label object had a value, causing duplication of line items.
- Audience
- Users of Invoicing.
- Technical Details
- None.
- Important Dates
- Released to production March 20, 2026.
Known Issues
Unified Checkout and Token Management Service | EPS-36831
Unified Checkout and Token Management Service
| EPS-36831- Description
- When Unified Checkout is disabled for a child account in Business Center, the Token Management Service is automatically disabled as well, causing tokens to become unavailable.
- Audience
- Users of Unified Checkout and Token Management Service.
- Technical Details
- None.
- Workaround
- Re-enabling Unified Checkout and the Token Management Service in the Unified Checkout settings restores Token Management Service functionality.
Search Export | EPS-36827
Search Export
| EPS-36827- Description
- When a user in the Business Center searches for a merchant ID on the Designated Contacts page and clicks the Export button, the downloaded CSV file is empty.
- Audience
- Global.
- Technical Details
- None.
- Workaround
- None.
Transaction Details | EPS-36741
Transaction Details
| EPS-36741- Description
- The Transaction Details page in the Business Center displays Token links with incorrect token IDs.
- Audience
- Users of the Token Management System.
- Technical Details
- None.
- Workaround