Decision Manager (DM) is the anti-fraud service provided by Cybersource. Although Cybersource DM can be run as part of the payment gateway as well, it can only be used as a standalone service in our system.
When you choose to use Cybersource as a payment gateway alongside Cybersource Decision Manager, you must configure the Extended Settings in the Cybersource Enterprise Business Centre (EBC). This will make sure the payment processing and anti-fraud checks run independently and allows our system to manage the status of the transaction correctly.
In EBC head over to Decision Manager -> Configuration -> Extended Settings, and then ensure the following values are unchecked.
- Authorization-Card Not Present
To configure a Decision Manager connection, you will need to set the following credentials. Each of these can be found in the EBC.
|The Merchant ID is provided by Cybersource during setup.
|SOAP Toolkit Key
|This key needs to be generated in the Cybersource Enterprise Business Centre portal.
|ThreatMetrix Org ID
|This is the organization ID for use with ThreatMetrix device fingerprints. You will need to contact your Cybersource support representative for this value. A different value is expected for sandbox and production.
The device fingerprint passed to Cybersource is generated automatically by our device fingerprinting library. If you want to pass your own
Embed or to our API, please make sure to pass this anti-fraud fingerprint ID you used with Cybersource.
Webhooks for manual review
To enable manual review you will need to set up webhooks from your anti-fraud service to our system. This webhook is used to notify us when a review is accepted or rejected.
To get the webhook URL, head over to your connection by going to Connections -> [Anti-Fraud connection] -> Synchronization and copy the webhook URL.
Next, login to EBC and navigate to Decision Manager -> Configuration -> Extended Settings and paste the webhook URL into the Configure Order Status Notification input.
Configuration of the Gr4vy webhook URL
Decisions received from Cybersource are mapped to Gr4vy decisions according to the following logic.
If any of the data requirements below are not met, the decision will be
skipped. If there was a
technical issue reaching Forter the decision will return as an
When using Decision Manager, we will only be able to fetch anti-fraud decisions if the transaction has a minimum set of required fields set on a buyer.
To call DM, the transaction must be associated with a buyer and the buyer must have the following fields populated.
- First name
- Last name
- Email address
- Line 1
- Postal code
If any of these values are not provided then the call to Cybersource Decision Manager can not be completed and the anti-fraud decision will result in a Skipped decision.
When any of the following attributes are associated with a transaction they will be sent to Cybersource Decision Manager as well.
- The buyer’s shipping address
- Any cart items
You can also pass custom merchant-defined data and a device fingerprint ID specifically for Cybersource Decision Manager using connection options.
The use of device fingerprinting is highly recommended when using Cybersource DM. Please refer to our device fingerprinting guide for more information on our universal solution.
If needed, you could load the fingerprint script for Cybersource directly and pass the
value as the
anti_fraud_fingerprint to the new transaction API.
Using the EBC portal you can create custom rules for Decision Manager. For example, you may choose to create a rule which marks a transaction for manual review given the postal code matches a specific value.
To test this rule you will need to perform the following steps in our dashboard.
- Create a Cybersource Decision Manager connection
- Create a buyer with a matching postal code
- Create a Flow rule to leverage the Cybersource Decision Manager connection
- Create a transaction using the newly created buyer