CyberSource Secure Acceptance is a credit card payment gateway that allows full customization of checkout and error pages, and still simplifies PCI compliance by posting credit card data directly to secure CyberSource servers.

This checkout handler uses the new Secure Acceptance Protocol for CyberSource to ensure that it’s updated and fully compliant with CyberSource requirements.

You can read more about Cyber Source at their website.


  • The CyberSource checkout handler requires a SSL certificate to protect your customer payment information
  • The provider supports using TLS 1.2.

First off, you must register an account with CyberSource following their setup procedure.

You can login with your credentials here to setup your account and see the transactions:

To use this checkout handler, you have to:

  • Generate an Access key and a Secret key
  • Generate a certificate and upload it to the Dynamicweb Files Archive

If you want to perform test transactions, you have to repeat these steps for your Test as well as Live accounts.

To generate the Access and Secret key, follow these steps:

  1. Log in to CyberSource Business Center with the merchant ID provided to you by CyberSource
  2. Go to Tools & Settings > Secure Acceptance > Profiles and click “Create New Profile” in the bottom right to create a payment profile
  3. Enter all profile details – Select “Web/Mobile” for the method – and click “Create”
  1. Copy and store your Profile ID
  1. Now you’ll have to set up your Payment Methods – click on “Payment Settings”
  1. Click “Add/Edit Card Types” and select any card types you’ll accept payments for. If you decided to accept eChecks, you should enable these as well
  1. Once you’ve added your card types, you’ll need to add the currencies you’ll accept. Click the pencil “edit” icon to add these currencies
  1. Update and save your Payment Settings, then move on to Security
  1. Click “Create New Key” to generate access/security keys for your profile
  2. Enter the name of your store/profile and click “Generate Key”
  1. You’ll now be provided with security and access keys. Copy them and save
  2. Return to profile home
  3. Click “Promote to active"

And that's it!

  1. Log in to CyberSource Business Center with the merchant ID provided to you by CyberSource
  2. Go to Account Management > Transaction Security Keys
  3. Click “Security Keys for the Simple Order API” link (Figure 7.1)
  1. Click the “2048-Bit Key” button (Figure 7.2)
  1. The New Security Key page requires you have Java Runtime Environment installed in order for your browser to generate the certificate. Install if needed
  2. Click “Generate certificate Request” button and get the certificate file

Once your account has been configured, you can create and configure the matching payment method in Dynamicweb.

To do so:

  • Create or edit a payment method in the Settings > Ecommerce > Orders > Payment following the regular procedure
  • Select the CyberSource checkout handler from the dropdown
  • Fill in the associated parameters (Figure 8.1)
Figure 8.1 The parameters available for the checkout handler

You must:

  • Enter your Merchant ID and profile ID provided to you by CyberSource
  • Enter your Access key, Secret key and Certificate generated in CyberSource Business center. The certificate should be -uploaded to the Dynamicweb File Archive
  • Choose a transaction type:
    • With Sale, the amount is sent for authorization, and if approved, is automatically submitted for settlement
    • With Authorization (order amount), the order is authorized at AuthorizeNET and then you can manually authorize from ecommerce backend order list. This is used for usual transactions
    • With Authorization (zero amount), all transactions are zero authorized. Capture is performed through AX or similar and you can carry out account verification checks to check the validity of a Visa/MasterCard Debit or credit card.
  • Select a Work Mode:
    • Choose Production when you are ready to go live
    • Choose Test to simulate payment transactions without involving real money transfers

Furthermore, you can:

  • Force tokenization forces the token to be saved on order or card for logged in users who have not chosen “Save card”
  • Customize any templates you want to use
    • The payment template renders the Cyber Source payment app
    • The Cancel and Error templates render cancellation and error messages
  • Select a Window Mode, if the payment window should redirect or if it should be embedded

The Cybersource provider also supports AVS validation:

  • Review AVS codes should contain the AVS codes you want to receive an AVS validation for
  • When Ignore AVS results is set, you will receive no AVS declines
  • Approve AVS Code should contain a comma-separated list of AVS codes which will permit the transaction to be approved

For more information on AVS validation and Cybersource, please see here and here.

You should test your setup thoroughly before going live.

You can use the following card numbers for testing purposes:

  • American Express: 3782 8224 6310 005
  • Discover: 6011 1111 1111 1117
  • JCB: 3566 1111 1111 1113
  • Maestro (International): 5033 9619 8909 17 / 5868 2416 0825 5333 38
  • Maestro (UK Domestic):  Issue number not required: 6759 4111 0000 0008
  • MasterCard: 5555 5555 5555 4444
  • UATP: 1354 1234 5678 911
  • VISA: 4111 1111 1111 1111

To test responses from CyberSource, you can make a series of payments with the test cards above and price ending in a certain way – CyberSource will then always return one of the standard responses from CyberSource.

The general testing responses are:


Expected response

purchaseTotals_grandTotalAmount = 1 
Info = Valid Transaction


purchaseTotals_grandTotalAmount = -1 
Info = Invalid Amount < $0


purchaseTotals_grandTotalAmount = 100000000000 
Info = Invalid Amount; amount too large


card_accountNumber = 
Info = Empty credit card number


card_accountNumber = 4111111111111112 
Info = Invalid Luhn Mod 10


card_accountNumber = 412345678912345678914 
Info = 21-digit credit card number; Mod 10 OK


card_expirationMonth = 13 
Info = Invalid expiration month


card_expirationYear = 1998 
Info = Expiration date passed


Once the integration is successfully tested in the developer test environment, you need to contact CyberSource in order to go live with the CyberSource checkout handler.