CyberSource Gateway Guide

close

Services and Compatibility

Payment Gateway Company Name:
CyberSource
Services that work with Spreedly:
  • CyberSource
Supported operations:
Purchase, Authorize, Capture, Refund, Void, Verify, Store, General Credit
Supported payment types:
Credit Card, Apple Pay, Bank Account
Spreedly 3DS2 Global Supported
Yes
Gateway Specific 3DS2 Supported
No
Populate MIT GSF Support
No
Regions:
Asia Pacific, Europe, Latin America, North America
API endpoint URL:
https://ics2wsa.ic3.com/commerce/1.x/transactionProcessor

Authentication and Security

Specific names for credentials:
User Name, Transaction Key

Onboarding Merchants in:

Adding a CyberSource gateway

To add a CyberSource gateway you need to supply your CyberSource user name (merchant_id), and a SOAP Toolkit secure Transaction Key generated in the CyberSource admin:


curl https://core.spreedly.com/v1/gateways.xml \
  -u 'C7cRfNJGODKh4Iu5Ox3PToKjniY:4UIuWybmdythfNGPqAqyQnYha6s451ri0fYAo4p3drZUi7q2Jf4b7HKg8etDtoKJ' \
  -H 'Content-Type: application/xml' \
  -d '<gateway>
        <gateway_type>cyber_source</gateway_type>
        <user_name>Your merchant_id</user_name>
        <transaction_key>key</transaction_key>
      </gateway>'


<gateway>
  <token>SjpqtaDhgm7sEVYKW74a7eibFxv</token>
  <gateway_type>cyber_source</gateway_type>
  <name>CyberSource</name>
  <description nil="true"/>
  <merchant_profile_key nil="true"/>
  <sub_merchant_key nil="true"/>
  <user_name>Your merchant_id</user_name>
  <characteristics>
    <supports_purchase type="boolean">true</supports_purchase>
    <supports_authorize type="boolean">true</supports_authorize>
    <supports_capture type="boolean">true</supports_capture>
    <supports_credit type="boolean">true</supports_credit>
    <supports_general_credit type="boolean">true</supports_general_credit>
    <supports_void type="boolean">true</supports_void>
    <supports_adjust type="boolean">true</supports_adjust>
    <supports_verify type="boolean">true</supports_verify>
    <supports_reference_purchase type="boolean">false</supports_reference_purchase>
    <supports_purchase_via_preauthorization type="boolean">false</supports_purchase_via_preauthorization>
    <supports_offsite_purchase type="boolean">false</supports_offsite_purchase>
    <supports_offsite_authorize type="boolean">false</supports_offsite_authorize>
    <supports_offsite_synchronous_purchase type="boolean">false</supports_offsite_synchronous_purchase>
    <supports_offsite_synchronous_authorize type="boolean">false</supports_offsite_synchronous_authorize>
    <supports_3dsecure_purchase type="boolean">true</supports_3dsecure_purchase>
    <supports_3dsecure_authorize type="boolean">true</supports_3dsecure_authorize>
    <supports_3dsecure_2_mpi_purchase type="boolean">true</supports_3dsecure_2_mpi_purchase>
    <supports_3dsecure_2_mpi_authorize type="boolean">true</supports_3dsecure_2_mpi_authorize>
    <supports_store type="boolean">true</supports_store>
    <supports_remove type="boolean">false</supports_remove>
    <supports_fraud_review type="boolean">false</supports_fraud_review>
    <supports_network_tokenization type="boolean">true</supports_network_tokenization>
    <supports_populate_mit_fields type="boolean">false</supports_populate_mit_fields>
    <supports_inquire_by_gateway_transaction_id type="boolean">false</supports_inquire_by_gateway_transaction_id>
    <supports_inquire_by_order_id type="boolean">false</supports_inquire_by_order_id>
    <supports_transaction_retry type="boolean">true</supports_transaction_retry>
    <supports_stored_stored_credentials type="boolean">false</supports_stored_stored_credentials>
    <supports_stored_credentials type="boolean">true</supports_stored_credentials>
  </characteristics>
  <credentials>
    <credential>
      <name>user_name</name>
      <value>Your merchant_id</value>
    </credential>
  </credentials>
  <gateway_settings>
  </gateway_settings>
  <gateway_specific_fields>
    <gateway_specific_field>ignore_avs</gateway_specific_field>
    <gateway_specific_field>ignore_cvv</gateway_specific_field>
    <gateway_specific_field>decision_manager_enabled</gateway_specific_field>
    <gateway_specific_field>decision_manager_profile</gateway_specific_field>
    <gateway_specific_field>issuer_additional_data</gateway_specific_field>
    <gateway_specific_field>commerce_indicator</gateway_specific_field>
    <gateway_specific_field>collection_indicator</gateway_specific_field>
    <gateway_specific_field>merchant_descriptor</gateway_specific_field>
    <gateway_specific_field>installment_total_count</gateway_specific_field>
    <gateway_specific_field>installment_plan_type</gateway_specific_field>
    <gateway_specific_field>first_installment_date</gateway_specific_field>
    <gateway_specific_field>national_tax_amount</gateway_specific_field>
    <gateway_specific_field>local_tax_amount</gateway_specific_field>
    <gateway_specific_field>merchant_descriptor_name</gateway_specific_field>
    <gateway_specific_field>merchant_descriptor_address1</gateway_specific_field>
    <gateway_specific_field>merchant_descriptor_locale</gateway_specific_field>
    <gateway_specific_field>merchant_tax_id</gateway_specific_field>
    <gateway_specific_field>reconciliation_id</gateway_specific_field>
    <gateway_specific_field>stored_credential_overrides</gateway_specific_field>
    <gateway_specific_field>sales_slip_number</gateway_specific_field>
    <gateway_specific_field>airline_agent_code</gateway_specific_field>
    <gateway_specific_field>customer_id</gateway_specific_field>
    <gateway_specific_field>user_po</gateway_specific_field>
    <gateway_specific_field>taxable</gateway_specific_field>
    <gateway_specific_field>national_tax_indicator</gateway_specific_field>
    <gateway_specific_field>line_items</gateway_specific_field>
    <gateway_specific_field>zero_amount_verify</gateway_specific_field>
    <gateway_specific_field>sec_code</gateway_specific_field>
    <gateway_specific_field>discount_management_indicator</gateway_specific_field>
    <gateway_specific_field>purchase_tax_amount</gateway_specific_field>
    <gateway_specific_field>installment_total_amount</gateway_specific_field>
    <gateway_specific_field>installment_annual_interest_rate</gateway_specific_field>
    <gateway_specific_field>installment_grace_period_duration</gateway_specific_field>
    <gateway_specific_field>reference_data_code</gateway_specific_field>
    <gateway_specific_field>invoice_number</gateway_specific_field>
    <gateway_specific_field>tax_management_indicator</gateway_specific_field>
    <gateway_specific_field>original_amount</gateway_specific_field>
    <gateway_specific_field>invoice_amount</gateway_specific_field>
    <gateway_specific_field>vat_tax_rate</gateway_specific_field>
    <gateway_specific_field>mobile_remote_payment_type</gateway_specific_field>
    <gateway_specific_field>gratuity_amount</gateway_specific_field>
    <gateway_specific_field>mdd_field_1</gateway_specific_field>
    <gateway_specific_field>mdd_field_2</gateway_specific_field>
    <gateway_specific_field>mdd_field_3</gateway_specific_field>
    <gateway_specific_field>mdd_field_4</gateway_specific_field>
    <gateway_specific_field>mdd_field_5</gateway_specific_field>
    <gateway_specific_field>mdd_field_6</gateway_specific_field>
    <gateway_specific_field>mdd_field_7</gateway_specific_field>
    <gateway_specific_field>mdd_field_8</gateway_specific_field>
    <gateway_specific_field>mdd_field_9</gateway_specific_field>
    <gateway_specific_field>mdd_field_10</gateway_specific_field>
    <gateway_specific_field>mdd_field_11</gateway_specific_field>
    <gateway_specific_field>mdd_field_12</gateway_specific_field>
    <gateway_specific_field>mdd_field_13</gateway_specific_field>
    <gateway_specific_field>mdd_field_14</gateway_specific_field>
    <gateway_specific_field>mdd_field_15</gateway_specific_field>
    <gateway_specific_field>mdd_field_16</gateway_specific_field>
    <gateway_specific_field>mdd_field_17</gateway_specific_field>
    <gateway_specific_field>mdd_field_18</gateway_specific_field>
    <gateway_specific_field>mdd_field_19</gateway_specific_field>
    <gateway_specific_field>mdd_field_20</gateway_specific_field>
  </gateway_specific_fields>
  <payment_methods>
    <payment_method>credit_card</payment_method>
    <payment_method>apple_pay</payment_method>
    <payment_method>third_party_token</payment_method>
    <payment_method>bank_account</payment_method>
  </payment_methods>
  <state>retained</state>
  <redacted type="boolean">false</redacted>
  <sandbox type="boolean">false</sandbox>
  <mode>default</mode>
  <created_at type="dateTime">2023-06-06T17:08:47Z</created_at>
  <updated_at type="dateTime">2023-06-06T17:08:47Z</updated_at>
</gateway>



env = Spreedly::Environment.new('C7cRfNJGODKh4Iu5Ox3PToKjniY', '4UIuWybmdythfNGPqAqyQnYha6s451ri0fYAo4p3drZUi7q2Jf4b7HKg8etDtoKJ', base_url: 'https://core.spreedly.com')
env.add_gateway(:cyber_source, user_name: 'user', transaction_key: 'Key')



#<Spreedly::Gateway:0x007fe333847290
@token="Zyjn7hWNlR3ZYRRqXcWg6wA9Qtt",
@created_at="2017-07-27T17:48:31Z",
@updated_at="2017-07-27T17:48:31Z",
@gateway_type="cyber_source",
@state="retained",
@name="CyberSource",
@credentials={"user_name"=>"user"}>

Third-party 3D Secure 2 auth data

Spreedly will automatically handle the field mapping for sending third-party 3DS2 authentication data to CyberSource. For more information about how to use this feature, see the 3DS2 Third-party Authentication Guide. Spreedly fields map to the relevant CyberSource fields as described in the following table. Please see CyberSource’s third-party 3DS2 documentation for detailed descriptions of each of these fields and when to use them.

Please note that there are two 3DS2 authentication fields that CyberSource may require but which are not currently handled by the standard set defined below. These must be sent as gateway specific fields rather than in the three_ds object:

  • commerce_indicator maps to commerceIndicator and is not to be confused with the ecommerce_indicator/eciRaw two-digit code.
  • collection_indicator maps to collectionIndicator and may be required for Mastercard.
Spreedly Field CyberSource Field
three_ds_version paSpecificationVersion
ecommerce_indicator eciRaw
authentication_value cavv (or authenticationData for Mastercard)
cavv_algorithm cavvAlgorithm
directory_server_transaction_id directoryServerTransactionID
authentication_response_status paresStatus
enrolled veresEnrolled

3DS Exemptions for Third-party 3d Secure 2 auth

For CyberSource, you can request an exemption by passing the exemption type in the transaction’s three_ds_exemption_type field. The table below shows what exemptions we support on CyberSource and what string value needs to populate the three_ds_exemption_type field to request that exemption.

Note that you will still need to pass the applicable 3DS 2 auth data in the fields above as well. See the Third Party 3DS2 guide for more information.

Exemption Type three_ds_exemption_type Value
Authentication Outage "authentication_outage"
B2B Corporate Card Transaction "corporate_card"
Delegated Authentication "delegated_authentication"
Low-Risk "low_risk"
Low-Value "low_value"
Trusted Merchant "trusted_merchant"
Stored Credential "stored_credential"

Using ACH bank account payment method

To be able to transact using Bank Account payment method (aka ACH), a Legal Compliance Text should be displayed to the customer as an acknowledgement and acceptance to use and verify their bank account information. For the specific language and details, see Cybersource Authorization language p11.

Gateway specific fields

When interacting with a CyberSource gateway to run transactions, several gateway specific fields are available when making a purchase or authorize call. Most of these fields are self-explanatory, and a complete list is available in the response to adding a gateway, shown above.

Of particular note, you may disable or enable Cybersource Decision Manager, set a Decision Manager profile, specify up to 100 different merchant defined fields (the maximum allowed by CyberSource), and pass additional data from the issuer. The following example demonstrates some of these fields.

In order to run verify transactions with a $0 amount, you may pass the zero_amount_verify field with a value of true to run a verification for $0, if your acquirer supports it.

The sec_code field may be used to pass a three letter code that describes how a payment was authorized by the consumer or business receiving an ACH transaction.

The merchant_id field can be used to specify a destination merchant_id different from the one used to create the CyberSource gateway. This enables portfolio merchants to utilize meta keys and direct funds to linked merchants.

Authorize and purchase transactions may fail with a CyberSource error code of 230 indicating that the provided card verification number did not match what’s on file at the issuing bank. These authorization requests are approved but flagged by CyberSource and considered a soft decline. The auto_void_230 GSF accepts a Boolean value to indicate to Spreedly if the merchant would like to attempt a void if an authorize or purchase attempt returns a response code of 230 from CyberSource.


curl https://core.spreedly.com/v1/gateways/LlkjmEk0xNkcWrNixXa1fvNoTP4/purchase.xml \
-u 'C7cRfNJGODKh4Iu5Ox3PToKjniY:4UIuWybmdythfNGPqAqyQnYha6s451ri0fYAo4p3drZUi7q2Jf4b7HKg8etDtoKJ' \
-H 'Content-Type: application/xml' \
-d '<transaction>
  <payment_method_token>56wyNnSmuA6CWYP7w0MiYCVIbW6</payment_method_token>
  <amount>100</amount>
  <currency_code>USD</currency_code>
  <gateway_specific_fields>
    <cyber_source>
      <auto_void_230>true</auto_void_230>
      <ignore_avs>true</ignore_avs>
      <ignore_cvv>true</ignore_cvv>
      <decision_manager_enabled>true</decision_manager_enabled>
      <decision_manager_profile>Regular</decision_manager_profile>
      <merchant_tax_id>Your merchant tax id</merchant_tax_id>
      <installment_total_count>5</installment_total_count>
      <installment_plan_type>1</installment_plan_type>
      <first_installment_date>220101</first_installment_date>
      <mdd_field_1>A value</mdd_field_1>
      <mdd_field_8>Another value</mdd_field_8>
      <mdd_field_20>Another custom value</mdd_field_20>
      <issuer_additional_data>Data defined by the issuer</issuer_additional_data>
      <commerce_indicator>internet</commerce_indicator>
      <collection_indicator>2</collection_indicator>
      <reconciliation_id>18301513</reconciliation_id>
      <sales_slip_number>ABC123</sales_slip_number>
      <airline_agent_code>RDU</airline_agent_code>
      <customer_id>Your identifier for the customer</customer_id>
      <user_po>Your USER PO</user_po>
      <taxable>true</taxable>
      <national_tax_indicator>1</national_tax_indicator>
      <line_items>
        <declared_value>100</declared_value>
        <tax_amount>5</tax_amount>
        <national_tax>10</national_tax>
      </line_items>
      <zero_amount_verify>true<zero_amount_verify>
      <sec_code>WEB</sec_code>
      <discount_management_indicator>T</discount_management_indicator>
      <purchase_tax_amount>0.42</purchase_tax_amount>
      <installment_total_amount>6.78</installment_total_amount>
      <installment_annual_interest_rate>1.09</installment_annual_interest_rate>
      <installment_grace_period_duration>1</installment_grace_period_duration>
      <reference_data_code>1A</reference_data_code>
      <invoice_number>1234567</invoice_number>
      <tax_management_indicator>1</tax_management_indicator>
      <original_amount>12.34</original_amount>
      <invoice_amount>12.34</invoice_amount>
      <mobile_remote_repayment_type>A</mobile_remote_repayment_type>
      <gratuity_amount>9.99</gratuity_amount>
    </cyber_source>
  </gateway_specific_fields>
</transaction>'


<transaction>
  <on_test_gateway type="boolean">true</on_test_gateway>
  <created_at type="dateTime">2022-01-04T11:40:19Z</created_at>
  <updated_at type="dateTime">2022-01-04T11:40:19Z</updated_at>
  <succeeded type="boolean">true</succeeded>
  <state>succeeded</state>
  <token>9hi3YLxcSW7AgDUzEWyLzC8TnXm</token>
  <transaction_type>Purchase</transaction_type>
  <order_id nil="true"/>
  <ip nil="true"/>
  <description nil="true"/>
  <email nil="true"/>
  <merchant_name_descriptor nil="true"/>
  <merchant_location_descriptor nil="true"/>
  <merchant_profile_key nil="true"/>
  <gateway_specific_fields>
    <cyber_source>
      <auto_void_230>true</auto_void_230>
      <ignore_avs>true</ignore_avs>
      <ignore_cvv>true</ignore_cvv>
      <decision_manager_enabled>true</decision_manager_enabled>
      <decision_manager_profile>Regular</decision_manager_profile>
      <merchant_tax_id>Your merchant tax id</merchant_tax_id>
      <installment_total_count>5</installment_total_count>
      <installment_plan_type>1</installment_plan_type>
      <first_installment_date>220101</first_installment_date>
      <mdd_field_1>A value</mdd_field_1>
      <mdd_field_8>Another value</mdd_field_8>
      <mdd_field_20>Another custom value</mdd_field_20>
      <issuer_additional_data>Data defined by the issuer</issuer_additional_data>
      <commerce_indicator>internet</commerce_indicator>
      <collection_indicator>2</collection_indicator>
      <reconciliation_id>18301513</reconciliation_id>
      <sales_slip_number>ABC123</sales_slip_number>
      <airline_agent_code>RDU</airline_agent_code>
      <customer_id>Your identifier for the customer</customer_id>
      <user_po>Your USER PO</user_po>
      <taxable>true</taxable>
      <national_tax_indicator>1</national_tax_indicator>
      <line_items>
        <declared_value>100</declared_value>
        <tax_amount>5</tax_amount>
        <national_tax>10</national_tax>
      </line_items>
      <zero_amount_verify>true<zero_amount_verify>
      <sec_code>WEB</sec_code>
      <discount_management_indicator>T</discount_management_indicator>
      <purchase_tax_amount>0.42</purchase_tax_amount>
      <installment_total_amount>6.78</installment_total_amount>
      <installment_annual_interest_rate>1.09</installment_annual_interest_rate>
      <installment_grace_period_duration>1</installment_grace_period_duration>
      <reference_data_code>1A</reference_data_code>
      <invoice_number>1234567</invoice_number>
      <tax_management_indicator>1</tax_management_indicator>
      <original_amount>12.34</original_amount>
      <invoice_amount>12.34</invoice_amount>
      <mobile_remote_repayment_type>A</mobile_remote_repayment_type>
      <gratuity_amount>9.99</gratuity_amount>
    </cyber_source>
  </gateway_specific_fields>
  <gateway_specific_response_fields>
  </gateway_specific_response_fields>
  <gateway_transaction_id>56</gateway_transaction_id>
  <gateway_latency_ms type="integer">0</gateway_latency_ms>
  <stored_credential_initiator nil="true"/>
  <stored_credential_reason_type nil="true"/>
  <populate_mit_fields type="boolean">false</populate_mit_fields>
  <warning nil="true"/>
  <application_id nil="true"/>
  <amount type="integer">100</amount>
  <currency_code>USD</currency_code>
  <retain_on_success type="boolean">false</retain_on_success>
  <payment_method_added type="boolean">false</payment_method_added>
  <smart_routed type="boolean">false</smart_routed>
  <message key="messages.transaction_succeeded">Succeeded!</message>
  <gateway_token>T11bJAANtTWnxl36GYjKWvbNK0g</gateway_token>
  <gateway_type>test</gateway_type>
  <shipping_address>
    <name>Newfirst Newlast</name>
    <address1 nil="true"/>
    <address2 nil="true"/>
    <city nil="true"/>
    <state nil="true"/>
    <zip nil="true"/>
    <country nil="true"/>
    <phone_number nil="true"/>
  </shipping_address>
  <response>
    <success type="boolean">true</success>
    <message>Successful purchase</message>
    <avs_code nil="true"/>
    <avs_message nil="true"/>
    <cvv_code nil="true"/>
    <cvv_message nil="true"/>
    <pending type="boolean">false</pending>
    <result_unknown type="boolean">false</result_unknown>
    <error_code nil="true"/>
    <error_detail nil="true"/>
    <cancelled type="boolean">false</cancelled>
    <fraud_review nil="true"/>
    <created_at type="dateTime">2022-01-04T11:40:19Z</created_at>
    <updated_at type="dateTime">2022-01-04T11:40:19Z</updated_at>
  </response>
  <api_urls>
  </api_urls>
  <payment_method>
    <token>1rpKvP8zOUhj4Y9EDrIoIYQzzD5</token>
    <created_at type="dateTime">2017-06-26T17:04:38Z</created_at>
    <updated_at type="dateTime">2022-01-03T19:12:08Z</updated_at>
    <email>joey@example.com</email>
    <data>
      <my_payment_method_identifier>448</my_payment_method_identifier>
      <extra_stuff>
        <some_other_things>Can be anything really</some_other_things>
      </extra_stuff>
    </data>
    <storage_state>retained</storage_state>
    <test type="boolean">true</test>
    <metadata>
      <key>string value</key>
    </metadata>
    <callback_url nil="true"/>
    <last_four_digits>1111</last_four_digits>
    <first_six_digits>411111</first_six_digits>
    <card_type>visa</card_type>
    <first_name>Newfirst</first_name>
    <last_name>Newlast</last_name>
    <month type="integer">3</month>
    <year type="integer">2032</year>
    <address1 nil="true"/>
    <address2 nil="true"/>
    <city nil="true"/>
    <state nil="true"/>
    <zip nil="true"/>
    <country nil="true"/>
    <phone_number nil="true"/>
    <company nil="true"/>
    <full_name>Newfirst Newlast</full_name>
    <eligible_for_card_updater type="boolean">true</eligible_for_card_updater>
    <shipping_address1 nil="true"/>
    <shipping_address2 nil="true"/>
    <shipping_city nil="true"/>
    <shipping_state nil="true"/>
    <shipping_zip nil="true"/>
    <shipping_country nil="true"/>
    <shipping_phone_number nil="true"/>
    <payment_method_type>credit_card</payment_method_type>
    <errors>
    </errors>
    <verification_value></verification_value>
    <number>XXXX-XXXX-XXXX-1111</number>
    <fingerprint>e3cef43464fc832f6e04f187df25af497994</fingerprint>
  </payment_method>
  <attempt_3dsecure type="boolean">false</attempt_3dsecure>
</transaction>

Please refer to using a payment method for more information on how to send GSFs

Gateway specific response fields

A response from CyberSource may contain the following gateway specific response fields:

  <transaction>
    <token>LgpTNGjsWQs9DwdxcbreUVz0R8p</token>
    <transaction_type>Store</transaction_type>
    <gateway_specific_response_fields>
       <cyber_source>
         <subscription_id>123456</subscription_id>
         <authorization_code>123456</authorization_code>
         <reconciliation_id>123456</reconciliation_id>
         <reconciliation_reference_number>123456</reconciliation_reference_number>
         <receipt_number>123456</receipt_number>
         <processor_response>123456</processor_response>
         <payment_network_transaction_id>123456</payment_network_transaction_id>
         <response_insights_category>ISSUER_WILL_NEVER_APPROVE</response_insights_category>
         <response_insights_category_code>01</response_insights_category_code>
       </cyber_source>
    </gateway_specific_response_fields>
  </transaction>