On This Page

{#jumplink-list}  
[Markdown](/docs/cybs/en-us/platform/relnote/all/na/rn-2026-04-02.md)

Release Notes {#rn-general}
===========================

These release notes cover all releases to the production server for the week ending April 3, 2026.

Announcements {#rn-announce}
============================

These announcements are for April 3, 2026.

TLS Updates {#tls-1-3}
======================

We are making changes to our implementation of Transport Layer Security (TLS).

TLS 1.3
-------

To maintain the highest security standards for both browser-based and server-to-server connections, we will enable TLS 1.3 on the endpoints listed below. This enhancement is optional and will supplement the existing TLS 1.2 support, which will remain in place with no plans for removal.  
We will make changes to these endpoints on these dates:  
**Testing environment**: May 26, 2026  
*ics2wstesta.ic3.com*  
*ics2wstest.ic3.com*  
*apitest.cybersource.com*  
**Production environment**: June 2, 2026  
*ics2wsa.ic3.com*  
*ics2ws.ic3.com*  
*api.cybersource.com*  
*api.in.cybersource.com*  
*ics2ws.in.ic3.com*  
Contact Customer Support if you have any questions about these changes.

TLS Certificate Lifetime Reduction
----------------------------------

In alignment with new CA/Browser Forum regulations, the maximum TLS certificate lifetime will be reduced gradually as follows:  
• Currently, the maximum lifetime for a TLS certificate is 200 days.  
• Beginning March 15, 2027, the maximum lifetime for a TLS certificate will be 100 days.  
• Beginning March 15, 2029, the maximum lifetime for a TLS certificate will be 47 days.  
See this blog for more information about the TLS certificate lifetime changes:  
[tls-certificate-lifetimes-will-officially-reduce-to-47-days](https://www.digicert.com/blog/tls-certificate-lifetimes-will-officially-reduce-to-47-days "")  
**How will this change impact connectivity?**  
Server level (leaf) SSL/TLS certificates issued by Cybersource will remain valid until their scheduled expiration. Server level (leaf) TLS certificates have shorter lifespans and must be reissued more frequently. Cybersource therefore recommends that clients trust the root certificate instead.  
**What is our recommendation?**  
We continue to recommend trusting the Root TLS certificates for all secure endpoints. This approach removes the need for periodic renewal of server level certificates and helps prevent connection failures caused by expired leaf certificates.  
**How can I tell which TLS certificate I am using?**  
Contact your server administrator or your network support team.  
**Where can I find the TLS Root certificate?**  
Continue trusting the root certificate to maintain connectivity with supported endpoints. You can download the root certificate from this article:  
[?code=KA-09802](https://support.visaacceptance.com/knowledgebase/Knowledgearticle/?code=KA-09802 "")  
Contact your Customer Support representatives with any questions.

Webhooks Updates {#webhooks-validations-decommission}
=====================================================

Webhooks version 1 is decommissioned. See [Webhooks version 2 in the Developer Center](https://developer.cybersource.com/api-reference-assets/index.md#webhooks "").

Bluefin P2PE Decryption: PCI P2PE Support Ending for PTS 3.X Terminals {#bluefin-p2pe-pts-device-apr26-eol}
===========================================================================================================

Bluefin announced that their support for PCI P2PE on PTS 3.X payment terminals will end on **April 30, 2026**. After this date, these devices will no longer be supported or listed as part of Bluefin's validated PCI P2PE solution.  
Bluefin has notified clients about the device support status. Customers still using PTS 3.X devices should transition to supported alternatives to remain compliant. For replacement and integration guidance, see the [Guidance on Expiring Bluefin P2PE PTS Devices](https://www.bluefin.com/download/devices/Guidance_on_Expiring_Bluefin_P2PE_PTS_Devices.pdf "") document.

Features Introduced This Week {#rn-features}
============================================

**Oracle NetSuite 26.2.0**
--------------------------

Description
:
This release introduces support for pro-forma invoicing, enabling merchants to generate preliminary invoices before goods or services are delivered, providing greater flexibility in billing workflows.
:
The Pay-by-Link Invoices feature has been enhanced with payment page configuration options that enable merchants to customize the payment experience for their customers.

Mandate
:
Does not apply.

Audience
:
Users of Oracle Net suite.

Benefit
:
Proforma invoicing provides greater flexibility in billing work flows.
:
Payment page configuration options allow merchants to customize the payment experience for their customers.

Technical Details
:
None.

Important Dates
:
Released to production April 2, 2026.

**OpenCart 26.1.0**
-------------------

Description
:
This release adds these updates:

    * Support for OpenCart v3.0.3.9, ensuring compatibility with the latest platform updates.
    * Standalone Apple Pay flows are migrated into Unified Checkout to provide a streamlined payment experience.
    * Optional Message-Level Encryption is introduced for transaction requests.
    * Legacy Cybersource endpoints are replaced with the latest Visa Acceptance Solutions endpoints, to align with modern standards.
    * Google Pay transactions support Payer Authentication (3-D Secure).
    * The transientTokenResponseOptions.includeCardPrefix parameter is now set to `false` by default, for improved tokenization consistency.
    * Support has been expanded to additional payment networks, including China Union Pay and Jaywan.
    * CVV is captured using Microform, for enhanced protection.
    * Labels and graphical elements have been updated.
    {#rn-features_ul_vpn_vvv_53c}

Mandate
:
Does not apply.

Audience
:
Users of OpenCart.

Benefit
:
These updates provide better flexibility, security, and compatibility.

Technical Details
:
None.

Important Dates
:
Released to production March 31, 2026.

**PrestaShop 7.1.0**
--------------------

Description
:
This release adds these updates:
:
* Support for PrestaShop 9.0.3 and updated Unified Checkout v0.34 and Cybersource SDK v0.0.71. These updates extend platform compatibility.
* As part of the Unified Checkout mandate, all authorization API calls are fully migrated to the completeMandate flow. This ensures end-to-end support for Payer Authentication, Decision Manager, and Token Management Service. To further optimize the saved-card experience, we implemented an address form that loads prior to Unified Checkout within the My Cards section, and introduced Microform to securely capture CVV for payments with stored cards.
* Streamlined configuration workflows that relocate the Accepted Card Types section from General Settings to Payment Settings, improving clarity and usability. Card payments are enabled by default and eCheck support has been temporarily removed.
* Legacy endpoints are migrated from *cybersource.com* to *visaacceptance.com*. Added support for new Cardinal Commerce URLs.
* Additional response fields are displayed in the back office for refund transactions, to support Merchandise Return Authorization workflows.
* Bug fixes: Tokens display only when tokenization is enabled. Email address propagation into Unified Checkout is corrected.
{#rn-features_ul_anj_dxv_53c}

Mandate
:
Does not apply.

Audience
:
Users of PrestaShop.

Benefit
:
Improved security, compatibility, clarity, and usability.

Technical Details
:
None.

Important Dates
:
Released to production March 31, 2026.

**WooCommerce 2.2.0**
---------------------

Description
:
This release adds these updates:
:
* Upgraded Unified Checkout to v0.34, including the latest Cybersource REST Client SDK v0.0.71.
* Introduced eCheck as a supported payment method.
* Implemented updates to comply with the latest Merchant Return Authorization mandate requirements.
* Improved Classic Checkout's graphical layout.
{#rn-features_ul_ktd_nyv_53c}

Mandate
:
Does not apply.

Audience
:
Users of WooCommerce 2.20.

Benefit
:
Improved flexibility, compatibility, and user experience.

Technical Details
:
None.

Important Dates
:
Released to production March 31, 2026.

Fixed Issues {#rn-fixed-issues}
===============================

No customer-facing fixes were released this week.

Known Issues {#rn-known-issues}
===============================

**Payments** \| EPS-35957
-------------------------

Description
:
Credit/refund requests that reference an authorization which is older than 60 days are failing with an incorrect error message.

Audience
:
Global.

Technical Details
:
The error message incorrectly indicates a missing ucaf_collectionIndicator field.

Workaround
:

**Merchant Management** \| EPS-36237
------------------------------------

Description
:
During creation of a merchant account that has multiple cards or currencies, the account cannot be saved do to a generic error message.

Audience
:
Portfolio merchants.

Technical Details
:
The error message says *"The page has error(s). Field(s) are invalid."*

Workaround
:
Create the account with only one card and currency. After creation is successful, edit the account to add more cards or currencies.

**Reporting** \| EPS-36818
--------------------------

Description
:
The Payer Authentication Detail Report sometimes contains missing data for transactions that use Cartes Bancaires cards.

Audience
:
Users of Payer Authentication.

Technical Details
:
None.

Workaround
:
None.