On This Page

Payment Configuration

This section describes the process for configuring your account to accept payments.

Creating a
Secure Acceptance
 Profile

Contact
Cybersource
 Customer Support to enable your account for
Secure Acceptance
. You must activate a profile in order to use it. See Activating a Profile.
  1. Log in to the Business Center:

    ADDITIONAL INFORMATION

  2. In the left navigation panel, choose
    Payment Configuration >
    Secure Acceptance
     Settings
    . The
    Secure Acceptance
     Settings page appears.
  3. Click
    New Profile
    . The Create Profile page appears.
  4. Enter or verify these profile details.

    ADDITIONAL INFORMATION

    Profile Name
    The
    Secure Acceptance
     profile name is required and cannot exceed 40 alphanumeric characters.
    Profile Description
    The profile description cannot exceed 255 characters.
    Integration Method
    Check
    Checkout API
    .
    Company Name
    The company name is required and cannot exceed 40 alphanumeric characters.
    Company Contact Name
    Enter company contact name.
    Company Contact Email
    Enter company contact email.
    Company Phone Number
    Enter company contact phone number.
    Payment Tokenization
    Check
    Payment Tokenization
    . For more information, see Payment Transactions.
    Decision Manager
    Check
    Decision Manager
    . For more information, .
    Verbose Data
    Check
    Verbose Data
    . For more information, .
  5. Click
    Submit
    .

Payment Method Configuration

You must configure at least one payment method before you can activate a profile.

Adding Card Types and Currencies

For each card type you choose, you can also manage currencies
and payer authentication options
. Choose only the types of payment cards and currencies that your merchant account provider authorizes.
Secure Acceptance does not process transactions for cards that do not have a card verification number (CVN) and expiration date. Most China UnionPay debit and credit cards issued before 2016 do not have a CVN and expiration date. You must decide whether you will require the CVN.
  1. In the left navigation panel, choose
    Payment Configuration >
    Secure Acceptance
     Settings
    . The
    Secure Acceptance
     Settings page appears.
  2. Choose a profile. The General Settings page appears.
  3. Click
    Payment Settings
    . The Payment Settings page appears.
  4. Click
    Add Card Types
    . The list of card types appear.
  5. Check each card type that you want to offer to the customer as a payment method. Your payment processor must support the card types.
  6. Click the settings icon for each card type. The card settings and currencies lists appear.
  7. Check
    Payer Authentication
    .
  8. Check the currencies for each card.

    ADDITIONAL INFORMATION

    By default, all currencies are listed as disabled. You must select at least one currency. Contact your merchant account provider for a list of supported currencies. If you select the Elo or Hipercard card type, only the Brazilian real currency is supported.
  9. Click
    Submit
    . The card types are added as an accepted payment type.
  10. Click
    Save
    .

Payer Authentication
 Configuration

Payer Authentication
 is the
Cybersource
 implementation of 3-D Secure. It prevents unauthorized card use and provides added protection from fraudulent chargeback activity.
Secure Acceptance
 supports 3-D Secure 1.0 and 2.0.
Before you can use Payer Authentication, you must contact Customer Support to configure your account. Your merchant ID must be enabled for payer authentication. For more information about payer authentication, see the
Payer Authentication Developer Guides
.
For
Secure Acceptance
,
Cybersource
 supports these kinds of payer authentication:
  • American Express SafeKey
  • China UnionPay (3-D Secure 2.0 only)
  • Diners ProtectBuy
  • J/Secure by JCB
  • Mastercard Identity Check
  • Visa Secure
For each transaction, you receive detailed information in the replies and in the transaction details page of
the
Business Center
. You can store this information for 12 months.
Cybersource
 recommends that you store the payer authentication data because you can be required to display this information as enrollment verification for any payer authentication transaction that you present again because of a chargeback.
Your merchant account provider can require that you provide all data in human-readable format.
The language used on each payer authentication page is determined by your issuing bank and overrides the locale you have specified. If you use the test card numbers for testing purposes the default language used on the payer authentication page is English and overrides the locale you have specified. See Test and View Transactions.

Configuring Payer Authentication

  1. In the left navigation panel, choose
    Payment Configuration >
    Secure Acceptance
     Settings
    . The
    Secure Acceptance
     Settings page appears.
  2. Choose a profile. The General Settings page appears.
  3. Click
    Payment Settings
    . The Payment Settings page appears.
  4. Choose a 3-D Secure version. If you choose 3‑D Secure 2.0 and the card issuer is not 3‑D Secure 2.0 ready, some transactions might still authenticate over 3‑D Secure 1.0. The
    payer_authentication_specification_version
     response field indicates which version was used.
  5. Click
    Save
    . The card types that support payer authentication are:
    • American Express
    • Cartes Bancaires
    • China UnionPay
    • Diners Club
    • JCB
    • Mastercard
    • Maestro (UK Domestic or International)
    • Visa

Enabling Automatic Authorization Reversals

For transactions that fail to return an address verification system (AVS) or a card verification number (CVN) match, you can enable
Secure Acceptance
 to perform an automatic authorization reversal. An automatic reversal releases the reserved funds held against a customer's card.
  1. In the left navigation panel, choose
    Payment Configuration >
    Secure Acceptance
     Settings
    . The
    Secure Acceptance
     Settings page appears.
  2. Choose a profile. The General Settings page appears.
  3. Click
    Payment Settings
    . The Payment Settings page appears.
  4. Check
    Fails AVS check
    . Authorization is automatically reversed on a transaction that fails an AVS check.
  5. Check
    Fails CVN check
    . Authorization is automatically reversed on a transaction that fails a CVN check.
  6. Click
    Save
    .

    ADDITIONAL INFORMATION

    When the AVS and CVN options are disabled and the transaction fails an AVS or CVN check, the customer is notified that the transaction was accepted. You are notified to review the transaction details. See Types of Notifications.

Enabling ACH Payments

An ACH payment is a payment made directly from your customer's U.S. or Canadian bank account. As part of the checkout process, you must display a terms and conditions statement for ACH transactions.
A customer must accept the terms and conditions before submitting an order. Within the terms and conditions statement it is recommended that you include a link to the table of returned item fees. The table lists by state the amount that your customer has to pay when a check is returned.
  1. In the left navigation panel, choose
    Payment Configuration >
    Secure Acceptance
     Settings
    . The
    Secure Acceptance
     Settings page appears.
  2. Choose a profile. The General Settings page appears.
  3. Click
    Payment Settings
    . The Payment Settings page appears.
  4. Check
    Enable Echeck Payments
    . The list of account types appears.
  5. Check the account type(s):
    • Checking
    • Savings
    • Corporate Checking
    • General Ledger
  6. Click
    Add Currencies
    . The ACH settings page appears.
  7. Check
    Select All
     or check each currency.
  8. Click
    Save
    .

Enabling PayPal Express Checkout

PayPal Express Checkout is not supported on a
Secure Acceptance
 iframe integration.
Contact
Cybersource
 Customer Support to have your account configured for this feature. You must also create a PayPal business account.
See
Add the PayPal Express Checkout payment method to your checkout page and redirect the customer to their PayPal account login. When logged in to their PayPal account they can review orders and edit shipping or payment details before completing transactions.
  1. In the left navigation panel, choose
    Payment Configuration >
    Secure Acceptance
     Settings
    . The
    Secure Acceptance
     Settings page appears.
  2. Choose a profile. The General Settings page appears.
  3. Click
    Payment Settings
    . The Payment Settings page appears.
  4. Check
    Enable PayPal Express Checkout
    .
  5. Check
    Allow customers to select or edit their shipping address within PayPal
     to allow customers to edit the shipping address details that they provided in the transaction request to
    Secure Acceptance
    . Customers select a new address or edit the address when they are logged in to their PayPal account.
  6. When the transaction type is authorization, check one of these options:
    • Request a PayPal authorization and include the authorization response values in the response
      —check this option to create and authorize the PayPal order.
      The customer funds are not captured using this option. You must request a PayPal capture; see the PayPal guide. If the transaction type is
      sale
      ,
      Secure Acceptance
       authorizes and captures the customer funds.
    • Request a PayPal order setup and include the order setup response values in the response
      —check this option to create the PayPal order.
      The customer funds are not authorized or captured using this option. You must request a PayPal authorization followed by a PayPal capture request; see the PayPal guide. If the transaction type is
      sale
      ,
      Secure Acceptance
       authorizes and captures the customer funds.
  7. Click
    Save
    .

Security Keys

Before you can activate a profile, you must create a security key to protect each transaction from data tampering. A security key expires in two years.
You cannot use the same security key for both test and production transactions. You must download a security key for each version of
Secure Acceptance
 for test and production.
On the Profile Settings page, click
Security
. The Security Keys page appears. The security script signs the request fields using the secret key and the HMAC SHA256 algorithm. To verify data, the security script generates a signature to compare with the signature returned from the
Secure Acceptance
 server.

Creating Security Keys

  1. Log in to the
    Business Center
    .
  2. In the left navigation panel, choose
    Payment Configuration >
    Secure Acceptance
     Settings
    . The
    Secure Acceptance
     Settings page appears.
  3. Choose a profile. The General Settings page appears.
  4. Click
    Security
    . The security keys page appears.
  5. Click the Create Key plus sign (+).
  6. Enter a key name (required).
  7. Choose signature version 1 (default).
  8. Choose signature method
    HMAC-SHA256
     (default).
  9. Click
    Create
    .
  10. Click
    Confirm
    . The Create New Key window expands and displays the new access key and secret key. This panel closes after 30 seconds.
  11. Copy and save or download the access key and secret key.
    • Access key: Secure Sockets Layer (SSL) authentication with
      Secure Acceptance
      . You can have many access keys per profile. See Scripting Language Samples.
    • Secret key: signs the transaction data and is required for each transaction. Copy and paste this secret key into your security script. See Scripting Language Samples.
      When done pasting the secret keys into your script, delete the copied keys from your clipboard or cached memory.

RESULT

By default, the new security key is active. The other options for each security key are:
  • Deactivate: deactivates the security key. The security key is inactive.
  • Activate: activates an inactive security key.
  • View: displays the access key and security key.
When you create a security key, it is displayed in the security keys table. You can select a table row to display the access key and the secret key for that specific security key.

Merchant Notifications

Secure Acceptance
 sends merchant and customer notifications in response to transactions. You can receive a merchant notification by email or as an HTTPS POST to a URL for each transaction processed. Both notifications contain the same transaction result data.
Ensure that your system acknowledges POST notifications (even when under load) as quickly as possible. Delays of more than 10 seconds might result in delays to future POST notifications.
Cybersource
 recommends that you implement the merchant POST URL to receive notification of each transaction. Parse the transaction response sent to the merchant POST URL and store the data within your order management system. This ensures the accuracy of the transactions and informs you when the transaction was successfully processed.

Configuring Merchant Notifications

  1. In the left navigation panel, choose
    Payment Configuration >
    Secure Acceptance
     Settings
    . The
    Secure Acceptance
     Settings page appears.
  2. Choose a profile. The General Settings page appears.
  3. Click
    Notifications
    . The Notifications page appears.
  4. Choose a merchant notification in one of two ways:
    • Check
      Merchant POST URL
      . Enter the HTTPS URL.
      Cybersource
       sends transaction information to this URL. For more information, see Response Fields. Only an HTTPS URL supporting TLS 1.2 or higher should be used for the merchant POST URL. If you encounter any problems, contact
      Cybersource
       Customer Support.
    • Check
      Merchant POST Email
      . Enter your email address.
      Cybersource
       sends transaction response information to this email address including payment information, return codes, and all relevant order information. See Response Fields.
  5. Choose the card number digits that you want displayed in the merchant or customer receipt:
    • Return payment card BIN: displays the card's Bank Identification Number (BIN), which is the first six digits of the card number. All other digits are masked: 123456xxxxxxxxxx
    • Return last four digits of payment card number: displays the last four digits of the card number. All other digits are masked: xxxxxxxxxxxx1234
    • Return BIN and last four digits of payment card number: displays the BIN and the last four digits of the card number. All other digits are masked: 123456xxxxxx1234
  6. Click
    Save
    .

Customer Receipts

You can send a purchase receipt email to your customer and a copy to your own email address. Both are optional. Customers can reply with questions regarding their purchases, so use an active email account. The email format is HTML unless your customer email is rich text format (RTF).

Configuring Customer Notifications

  1. In the left navigation panel, choose
    Payment Configuration >
    Secure Acceptance
     Settings
    . The
    Secure Acceptance
     Settings page appears.
  2. Choose a profile. The General Settings page appears.
  3. Click
    Notifications
    . The Notifications page appears.
  4. Check
    Email Receipt to Customer
    .
  5. Enter the sender email address to be displayed on the customer receipt. The customer will reply to this email with any queries.
  6. Enter the sender name of your business. It is displayed on the customer receipt.
  7. Check
    Send a copy to
    . This setting is optional.
  8. Enter your email address to receive a copy of the customer's receipt.

    ADDITIONAL INFORMATION

    Your copy of the customer receipt will contain additional transaction response information.
  9. Check
    Display Notification Logo
    .
  10. Click
    Upload Company Logo
    . Find and upload the image that you want to display on the customer receipt and email.

    ADDITIONAL INFORMATION

    The image file must not exceed 840 (width) x 60 (height) pixels and must be GIF, JPEG, or PNG. The logo filename must not contain any special characters, such as a hyphen (-).
  11. Check
    Custom Email Receipt
    .

    ADDITIONAL INFORMATION

    Cybersource
     recommends that you implement a DNS configuration to enable
    Cybersource
     to send email receipts on your behalf.
  12. Check the type of email receipt you want to send to a customer:
    • Standard email receipt: this email is automatically translated based on the locale used for the transaction.
    • Custom email receipt: this email can be customized with text and data references. The email body section containing the transaction detail appears between the header and footer. Custom text is not translated when you use different locales.
  13. Check
    Custom Email Subject
     and enter up to 998 characters. When the maximum number of characters is exceeded, the subject heading defaults to
    Order Confirmation
    .

    ADDITIONAL INFORMATION

    You can insert email smart tags in the email subject, header, and footer sections to include specific information. Select each smart tag from the drop-down list and click Insert.
  14. Click
    Save
    .

Customer Response Page

You must configure the customer response page before you can activate a profile.
You must choose to display a response page to the customer at the end of the checkout process. Enter a URL for your own customer response page. This page is displayed to the customer after the transaction is processed. Review declined orders as soon as possible because you might be able to correct problems related to address or card verification, or you might be able to obtain a verbal authorization. You can also choose to display a web page to the customer after the checkout process is completed.

Configuring a Transaction Response Page

  1. In the left navigation panel, choose
    Payment Configuration > Secure Acceptance Settings
    . The Secure Acceptance Settings page appears.
  2. Choose a profile. The General Settings page appears.
  3. Click
    Customer Response
    . The Customer Response page appears.
  4. Enter the URL for your customer response page. Use port 80, 443, or 8080 in the URL.

    ADDITIONAL INFORMATION

    Only port 443 should be used with an HTTPS URL.
    A POST request with the transaction data is provided to this URL after the customer completes checkout.
    The POST request contains the reason code value of the transaction, which helps you determine possible actions to take on the transaction.
  5. Click
    Save
    .