On This Page

Portfolio Management for Resellers

This section describes how to manage portfolios for your merchants.

Creating a
Checkout API
 Profile

Contact
Cybersource
 Customer Support to enable your account for
Secure Acceptance
. You must activate a profile in order to use it. See Reseller: Activating a Profile.
  1. Log in to the Business Center:

    ADDITIONAL INFORMATION

  2. In the left navigation panel, choose
    Portfolio Management >
    Secure Acceptance
     Profiles
    . The
    Secure Acceptance
     Profile page appears.
  3. Click
    New Profile
    .
  4. Enter or verify these profile details:

    ADDITIONAL INFORMATION

    Profile Name
    The
    Secure Acceptance
     profile name is required and cannot exceed 40 alphanumeric characters.
    Profile Description
    The profile description cannot exceed 255 characters.
    Integration Method
    Check
    Checkout API
    .
    Company Name
    The company name is required and cannot exceed 40 alphanumeric characters.
    Company Contact Name
    Enter company contact name.
    Company Contact Email
    Enter company contact email.
    Company Phone Number
    Enter company contact phone number.
    Payment Tokenization
    Check
    Payment Tokenization
    . For more information, see Payment Transactions.
    Decision Manager
    Check
    Decision Manager
    . For more information, see Decision Manager.
    Verbose Data
    Check
    Verbose Data
    . For more information, see Decision Manager.
  5. Click
    Submit
    .

Payment Method Configuration

You must configure at least one payment method before you can activate a profile.

Reseller: Adding Card Types and Currencies

For each card type you choose, you can also manage currencies and payer authentication options. Choose only the types of payment cards and currencies that your merchant account provider authorizes.
Secure Acceptance does not process transactions for cards that do not have a card verification number (CVN) and expiration date. Most China UnionPay debit and credit cards issued before 2016 do not have a CVN and expiration date. You must decide whether you will require the CVN.
  1. In the left navigation panel, choose
    Portfolio Management >
    Secure Acceptance
     Profiles
    . The
    Secure Acceptance
     Profile page appears.
  2. Choose a profile. The General Settings page appears.
  3. Click
    Payment Settings
    . The Payment Settings page appears.
  4. Click
    Add Card Types
    . The list of card types appear.
  5. Check each card type that you want to offer to the customer as a payment method. Your payment processor must support the card types.
  6. Click
    Settings
     for each card type. The card settings and currencies lists appear.
  7. Check the currencies for each card.

    ADDITIONAL INFORMATION

    By default, all currencies are listed as disabled. You must select at least one currency. Contact your merchant account provider for a list of supported currencies. If you select the Elo or Hipercard card type, only the Brazilian Real currency is supported.
  8. Click
    Submit
    . The card types are added as an accepted payment type.
  9. Click
    Save
    .

Payer Authentication Configuration

Payer authentication is the
Cybersource
 implementation of 3-D Secure. It deters unauthorized card use and provides added protection from fraudulent chargeback activity.
Secure Acceptance
 supports 3-D Secure 1.0 and 2.0.
Before you can use
Cybersource
 Payer Authentication, you must contact
Cybersource
 Customer Support so that
Cybersource
 can configure your account. Your merchant ID must be enabled for payer authentication. For more information about payer authentication, see the
Payer Authentication Developer Guides
.
For
Secure Acceptance
,
Cybersource
 supports these kinds of payer authentication:
  • American Express SafeKey
  • China UnionPay (3-D Secure 2.0 only)
  • Diners ProtectBuy
  • J/Secure by JCB
  • Mastercard Identity Check
  • Visa Secure
For each transaction, you receive detailed information in the replies and in the transaction details page of the Business Center. You can store this information for 12 months.
Cybersource
 recommends that you store the payer authentication data because you can be required to display this information as enrollment verification for any payer authentication transaction that you present again because of a chargeback.
Your merchant account provider can require that you provide all data in human-readable format.
The language used on each payer authentication page is determined by your issuing bank and overrides the locale that you specified. If you use the test card numbers, the default language used on the payer authentication page is English and overrides the locale you have specified. See Test and View Transactions.

Reseller: Configuring Payer Authentication

  1. In the left navigation panel, choose
    Portfolio Management >
    Secure Acceptance
     Profiles
    . The
    Secure Acceptance
     Profile page appears.
  2. Choose a profile. The General Settings page appears.
  3. Click
    Payment Settings
    . The Payment Settings page appears.
  4. Choose the 3-D Secure version that you want to use. If you choose 3-D Secure 2.0 and the card issuer is not 3-D Secure 2.0 ready, some transactions might still authenticate over 3-D Secure 1.0. The
    payer_authentication_specification_version
     response field indicates which version was used.
  5. Click
    Save
    . The card types that support payer authentication are:
    • American Express
    • Cartes Bancaires
    • China UnionPay
    • Diners Club
    • JCB
    • Mastercard
    • Maestro (UK Domestic or International)
    • Visa

Reseller: Enabling Automatic Authorization Reversals

For transactions that fail to return an address verification system (AVS) or a card verification number (CVN) match, you can enable
Secure Acceptance
 to perform an automatic authorization reversal. An automatic reversal releases the reserved funds held against a customer's card.
  1. In the left navigation panel, choose
    Portfolio Management >
    Secure Acceptance
     Profiles
    . The
    Secure Acceptance
     Profile page appears.
  2. Choose a profile. The General Settings page appears.
  3. Click
    Payment Settings
    . The Payment Settings page appears.
  4. Check
    Fails AVS check
    . Authorization is automatically reversed on a transaction that fails an AVS check.
  5. Check
    Fails CVN check
    . Authorization is automatically reversed on a transaction that fails a CVN check.
  6. Click
    Save
    .

    ADDITIONAL INFORMATION

    When the AVS and CVN options are disabled and the transaction fails an AVS or CVN check, the customer is notified that the transaction was accepted. You are notified to review the transaction details. See Types of Notifications.

Reseller: Enabling ACH Payments

An ACH payment is a payment made directly from your customer's U.S. or Canadian bank account. As part of the checkout process, you must display a terms and conditions statement for ACH transactions.
A customer must accept the terms and conditions before submitting an order. Within the terms and conditions statement it is recommended to include a link to the table of returned item fees. The table lists by state the amount that your customer has to pay when a check is returned.
  1. In the left navigation panel, choose
    Portfolio Management >
    Secure Acceptance
     Profiles
    . The
    Secure Acceptance
     Profile page appears.
  2. Choose a profile. The General Settings page appears.
  3. Click
    Payment Settings
    . The Payment Settings page appears.
  4. Check
    Enable Echeck Payments
    . The list of account types appears.
  5. Check the account type(s):

    ADDITIONAL INFORMATION

    • Checking
    • Savings
    • Corporate Checking
    • General Ledger
  6. Click
    Add Currencies
    . The ACH settings page appears.
  7. Check
    Select All
     or select a currency.
  8. Click
    Save
    .

Reseller: Enabling PayPal Express Checkout

PayPal Express Checkout is not supported on a
Secure Acceptance
 iframe integration.
Contact
Cybersource
 Customer Support to have your
Cybersource
 account configured for this feature. You must also create a PayPal business account; see
PayPal Express Checkout Services Using Alternative Payment Services Simple Order API
.
Add the PayPal Express Checkout payment method to
your checkout page and redirect the customer to their PayPal account login.
 When logged in to their PayPal account they can review orders and edit shipping or payment details before completing transactions.
  1. In the left navigation panel, choose
    Portfolio Management >
    Secure Acceptance
     Profiles
    . The
    Secure Acceptance
     Profile page appears.
  2. Choose a profile. The General Settings page appears.
  3. Click
    Payment Settings
    . The Payment Settings page appears.
  4. Check
    Enable PayPal Express Checkout
    .
  5. Click
    Save
    .

Service Fees

Contact
Cybersource
 Customer Support to have your
Cybersource
 account configured for this feature. Service fees are supported only if Wells Fargo is your acquiring bank and FDC Nashville Global is your payment processor.
The service fee setting applies to the card and ACH payment methods. To apply the service fee to only one payment method, create two
Secure Acceptance
 profiles with the appropriate payment methods enabled on each: one with the service fee feature enabled and one with the service fee feature disabled.
As part of the checkout process, you must display a terms and conditions statement for the service fee. A customer must accept the terms and conditions before submitting an order.

Reseller: Enabling Service Fees

  1. In the left navigation panel, choose
    Portfolio Management >
    Secure Acceptance
     Profiles
    . The
    Secure Acceptance
     Profile page appears.
  2. Choose a profile. The General Settings page appears.
  3. Click
    Payment Settings
    . The Payment Settings page appears.
  4. Check
    Service Fee applies on transactions using this profile
    . The service fee terms and conditions URL and the service fee amount are added to the customer review page.

    ADDITIONAL INFORMATION

    Transactions fail if you disable this feature. Do not disable this feature unless instructed to do so by your account manager.
  5. Enter the Consent Page URL.

    ADDITIONAL INFORMATION

    Cybersource
     sends the order information and the service fee amount to the consent page URL by HTTPS POST. The customer is directed from your checkout page to the consent page URL to accept or decline the service fee amount. See the
    Secure Acceptance
    Checkout API
     Service Fee Guide     for detailed information.
  6. Click
    Save
    .

    ADDITIONAL INFORMATION

    After you save the profile you cannot disable the service fee functionality for that profile. All transactions using the profile will include the service fee amount.

Security Keys

Before you can activate a profile, you must create a security key to protect each transaction from data tampering. A security key expires in two years.
You cannot use the same security key for both test and production transactions. You must download a security key for each versions of
Secure Acceptance
 for test and production.
On the Profile Settings page, click
Security
. The Security Keys page appears. The security script signs the request fields using the secret key and the HMAC SHA256 algorithm. To verify data, the security script generates a signature to compare with the signature returned from the
Secure Acceptance
 server. You must have an active security key to activate a profile.

Reseller: Creating Security Keys

  1. In the left navigation panel, choose
    Payment Configuration > Key Management.
  2. Click
    Generate Key
    .
  3. Select a key type.
  4. Click
    Next Step
    .
  5. Select the key subtype
    Secure Acceptance
    .
  6. Click
    Next Step
    .
  7. Enter a key name (required).
  8. Choose signature version
    1
    .
  9. Choose signature method
    HMAC-SHA256
    .
  10. Select a security profile.
  11. Click
    Submit
    .
  12. Click
    Generate Key
    . The Create New Key window expands and displays the new access key and secret key. This window closes after 30 seconds.
  13. Copy and save the access key and secret key.

    ADDITIONAL INFORMATION

    • Access key: Secure Sockets Layer (SSL) authentication with
      Secure Acceptance
      . You can have many access keys per profile. See Scripting Language Samples.
    • Secret key: signs the transaction data and is required for each transaction. Copy and paste this secret key into your security script. See Scripting Language Samples.
    When done pasting the secret keys into your script, delete the copied keys from your clipboard or cached memory.
    By default, the new security key is active. The other options for each security key are:
    • Deactivate: deactivates the security key. The security key is inactive.
    • Activate: activates an inactive security key.
    • View: displays the access key and security key.
    When you create a security key, it is displayed in the security keys table. You can select a table row to display the access key and the secret key for that specific security key.
  14. Click
    Key Management
    . The Key Management page appears.

Reseller: Configuring Merchant Notifications

  1. In the left navigation panel, choose
    Portfolio Management >
    Secure Acceptance
     Profiles
    . The
    Secure Acceptance
     Profile page appears.
  2. Choose a profile. The General Settings page appears.
  3. Click Notifications. The Notifications page appears.
  4. Choose a merchant notification in one of two ways:
    • Check
      Merchant POST URL
      . Enter the HTTPS URL.
      Cybersource
       sends transaction information to this URL. For more information, see Response Fields.
      Only an HTTPS URL supporting TLS 1.2 or higher should be used for the merchant POST URL. If you encounter any problems, contact
      Cybersource
       Customer Support.
    • Check
      Merchant POST Email
      . Enter your email address.
      Cybersource
       sends transaction response information to this email address including payment information, return codes, and all relevant order information. See Response Fields.
  5. Choose the card number digits that you want displayed in the merchant or customer receipt:
    • Return payment card BIN: displays the card’s Bank Identification Number (BIN), which is the first six digits of the card number. All other digits are masked: 123456xxxxxxxxxx
    • Return last four digits of payment card number: displays the last four digits of the card number. All other digits are masked: xxxxxxxxxxxx1234
    • Return BIN and last four digits of payment card number: displays the BIN and the last four digits of the card number. All other digits are masked: 123456xxxxxx1234
  6. Click
    Save
    .

Customer Receipts

You can send a purchase receipt email to your customer and a copy to your own email address. Both are optional. Customers can reply with questions regarding their purchases, so use an active email account. The email format is HTML unless your customer email is rich text format (RTF).

Reseller: Configuring Customer Notifications

  1. In the left navigation panel, choose
    Portfolio Management >
    Secure Acceptance
     Profiles
    . The
    Secure Acceptance
     Profile page appears.
  2. Choose a profile. The General Settings page appears.
  3. Click
    Notifications
    . The Notifications page appears.
  4. Check
    Email Receipt to Customer
    .
  5. Enter the sender email address to be displayed on the customer receipt. The customer will reply to this email with any queries.
  6. Enter the sender name of your business. It is displayed on the customer receipt.
  7. Check
    Send a copy to
    . This setting is optional.
  8. Enter your email address to receive a copy of the customer’s receipt.

    ADDITIONAL INFORMATION

    Your copy of the customer receipt will contain additional transaction response information.
  9. Check
    Display Notification Logo
    .
  10. Click
    Upload Company Logo
    . Find and upload the image that you want to display on the customer receipt and email.

    ADDITIONAL INFORMATION

    The image file must not exceed 840 (width) x 60 (height) pixels and must be GIF, JPEG, or PNG. The logo filename must not contain any special characters, such as a hyphen (-).
  11. Check
    Custom Email Receipt
    .

    ADDITIONAL INFORMATION

    Cybersource
     recommends that you implement a DNS configuration to enable
    Cybersource
     to send email receipts on your behalf.
  12. Check the type of email receipt that you want to send to a customer:
    • Standard email receipt: this email is automatically translated based on the locale used for the transaction.
    • Custom email receipt: this email can be customized with text and data references. The email body section containing the transaction detail appears between the header and footer. Custom text is not translated when using different locales are used.
  13. Check
    custom email subject
     and enter up to 998 characters. When the maximum number of characters is exceeded, the subject heading defaults to
    Order Confirmation
    .

    ADDITIONAL INFORMATION

    You can insert email smart tags in the email subject, header, and footer sections to include specific information. Select each smart tag from the drop-down list and click
    Insert
    .
  14. Click
    Save
    .

Customer Response Page

You must configure the customer response page before you can activate a profile.
You must choose to display a response page to the customer at the end of the checkout process. Enter a URL for your own customer response page. This page is displayed to the customer after the transaction is processed. Review declined orders as soon as possible because you might be able to correct problems related to address or card verification, or you might be able to obtain a verbal authorization. You can also choose to display a web page to the customer after the checkout process is completed.

Reseller: Configuring a Transaction Response Page

  1. In the left navigation panel, choose
    Portfolio Management > Secure Acceptance Profiles
    . The
    Secure Acceptance
     Profile page appears.
  2. Choose a profile. The General Settings page appears.
  3. Click
    Customer Response
    . The Customer Response page appears.
  4. Enter the URL for your customer response page. Use port 80, 443, or 8080 in the URL.

    ADDITIONAL INFORMATION

    Only port 443 should be used with an HTTPS URL.
    A POST request with the transaction data is provided to this URL after the customer completes checkout.
    The POST request contains the reason code value of the transaction, which helps you determine possible actions to take on the transaction.
  5. Click
    Save
    .

Reseller: Activating a Profile

You must complete the required settings described in each of these sections before activating a profile:
  1. In the left navigation panel, choose
    Portfolio Management >
    Secure Acceptance
     Profiles
    . The
    Secure Acceptance
     Profile page appears.
  2. Perform one of these steps:
    • On the Active Profiles tab, choose a profile and click
      Publish Profile
      .
    • On the Edit Profile page, click
      Publish Profile
      .
  3. Click
    Confirm
    .

Reseller: Additional Profile Options

  • Copy
    —duplicates the active profile and creates an editable version. The editable version is listed in the inactive profile list. This option is available only for an active profile.
  • Deactivate
    —deactivates the active profile. The profile is now listed in the inactive profile list. This option is available only for an active profile.
  • Publish to Active
    —activates the inactive profile. This option is available only for an inactive profile.