CyberSource

CyberSource Secure Acceptance is a credit card payment gateway that allows full customization of checkout and error pages, and still simplifies PCI compliance by posting credit card data directly to secure CyberSource servers.

This checkout handler uses the new Secure Acceptance Protocol for CyberSource to ensure that it’s updated and fully compliant with CyberSource requirements.

Limitations

The CyberSource checkout handler requires a SSL certificate to protect your customer payment information

Creating a test account

First off, you must register an account with CyberSource following their setup procedure.

You can login with your credentials here to setup your account and see the transactions: https://ebctest.cybersource.com/ebctest/login/Login.do

Configuring the CyberSource account

To use this checkout handler, you have to:

Generate an Access key and a Secret key
Generate a certificate and upload it to the Dynamicweb Files Archive

If you want to perform test transactions, you have to repeat these steps for your Test as well as Live accounts.

Generate keys:

To generate the Access and Secret key, follow these steps:

Log in to CyberSource Business Center with the merchant ID provided to you by CyberSource
Go to Tools & Settings > Secure Acceptance > Profiles and click “Create New Profile” in the bottom right to create a payment profile
Enter all profile details – Select “Web/Mobile” for the method – and click “Create”

Copy and store your Profile ID

Now you’ll have to set up your Payment Methods – click on “Payment Settings”

Click “Add/Edit Card Types” and select any card types you’ll accept payments for. If you decided to accept eChecks, you should enable these as well

Once you’ve added your card types, you’ll need to add the currencies you’ll accept. Click the pencil “edit” icon to add these currencies

Update and save your Payment Settings, then move on to Security

Click “Create New Key” to generate access/security keys for your profile
Enter the name of your store/profile and click “Generate Key”

You’ll now be provided with security and access keys. Copy them and save
Return to profile home
Click “Promote to active"

And that's it!

Generate certificate:

Log in to CyberSource Business Center with the merchant ID provided to you by CyberSource
Go to Account Management > Transaction Security Keys
Click “Security Keys for the Simple Order API” link (Figure 7.1)

Click the “2048-Bit Key” button (Figure 7.2)

The New Security Key page requires you have Java Runtime Environment installed in order for your browser to generate the certificate. Install if needed
Click “Generate certificate Request” button and get the certificate file

Configuring the checkout handler

Once your account has been configured, you can create and configure the matching payment method in Dynamicweb.

To do so:

Create or edit a payment method in the Management Center > Ecommerce > Orders > Payment following the regular procedure
Select the CyberSource checkout handler from the dropdown
Fill in the associated parameters (Figure 8.1)

Figure 8.1 The parameters available for the checkout handler

You must:

Enter your Merchant ID and profile ID provided to you by CyberSource
Enter your Access key, Secret key and Certificate generated in CyberSource Business center. The certificate should be -uploaded to the Dynamicweb File Archive
Choose a transaction type:
- With Sale, the amount is sent for authorization, and if approved, is automatically submitted for settlement
- With Authorization, the order is authorized at AuthorizeNET and then you can manually authorize from ecommerce backend order list
Select a Work Mode:
- Choose Production when you are ready to go live
- Choose Test to simulate payment transactions without involving real money transfers

Furthermore, you can:

Force tokenization forces the token to be saved on order or card for logged in users who have not chosen “Save card”
Customize any templates you want to use
- The payment template renders the Cyber Source payment app
- The Cancel and Error templates render cancellation and error messages

Testing

You should test your setup thoroughly before going live.

You can use the following card numbers for testing purposes:

American Express: 3782 8224 6310 005
Discover: 6011 1111 1111 1117
JCB: 3566 1111 1111 1113
Maestro (International): 5033 9619 8909 17 / 5868 2416 0825 5333 38
Maestro (UK Domestic): Issue number not required: 6759 4111 0000 0008
MasterCard: 5555 5555 5555 4444
UATP: 1354 1234 5678 911
VISA: 4111 1111 1111 1111

To test responses from CyberSource, you can make a series of payments with the test cards above and price ending in a certain way – CyberSource will then always return one of the standard responses from CyberSource.

The general testing responses are:

Input	Expected response
Input: purchaseTotals_grandTotalAmount = 1 Info = Valid Transaction	decision=ACCEPT reasonCode=100 ccAuthReply_processorResponse=00
Input: purchaseTotals_grandTotalAmount = -1 Info = Invalid Amount < $0	decision=REJECT reasonCode=102 ccAuthReply_processorResponse=
Input: purchaseTotals_grandTotalAmount = 100000000000 Info = Invalid Amount; amount too large	decision=REJECT reasonCode=102 ccAuthReply_processorResponse=
Input: card_accountNumber = Info = Empty credit card number	decision=REJECT reasonCode=101 ccAuthReply_processorResponse=
Input: card_accountNumber = 4111111111111112 Info = Invalid Luhn Mod 10	decision=REJECT reasonCode=231 ccAuthReply_processorResponse=
Input: card_accountNumber = 412345678912345678914 Info = 21-digit credit card number; Mod 10 OK	decision=REJECT reasonCode=231 ccAuthReply_processorResponse=
Input: card_expirationMonth = 13 Info = Invalid expiration month	decision=REJECT reasonCode=102 ccAuthReply_processorResponse=
Input: card_expirationYear = 1998 Info = Expiration date passed	decision=REJECT reasonCode=202 ccAuthReply_processorResponse=

Going live

Once the integration is successfully tested in the developer test environment, you need to contact CyberSource in order to go live with the CyberSource checkout handler.