Decision Manager (DM) is the anti-fraud service provided by Cybersource. Although Cybersource DM can be run as part of the payment gateway as well, it can only be used as a standalone service in our system.


When you choose to use Cybersource as a payment gateway alongside Cybersource Decision Manager, you must configure the Extended Settings in the Cybersource Enterprise Business Centre (EBC). This will make sure the payment processing and anti-fraud checks run independently and allows our system to manage the status of the transaction correctly.

In EBC head over to Decision Manager -> Configuration -> Extended Settings, and then ensure the following values are unchecked.

  • Authorization-Card-Present
  • Authorization-Card Not Present


To configure a Decision Manager connection, you will need to set the following credentials. Each of these can be found in the EBC.

Merchant IDThe Merchant ID is provided by Cybersource during setup.
SOAP Toolkit KeyThis key needs to be generated in the Cybersource Enterprise Business Centre portal.
ThreatMetrix Org IDThis is the organization ID for use with ThreatMetrix device fingerprints. You will need to contact your Cybersource support representative for this value. A different value is expected for sandbox and production.

Device fingerprint

The device fingerprint passed to Cybersource is generated automatically by our device fingerprinting library. If you want to pass your own antiFraudFingerprint to Embed or to our API, please make sure to pass this anti-fraud fingerprint ID you used with Cybersource.


Webhooks for manual review

To enable manual review you will need to set up webhooks from your anti-fraud service to our system. This webhook is used to notify us when a review is accepted or rejected.

To get the webhook URL, head over to your connection by going to Connections -> [Anti-Fraud connection] -> Synchronization and copy the webhook URL.

Next, login to EBC and navigate to Decision Manager -> Configuration -> Extended Settings and paste the webhook URL into the Configure Order Status Notification input.

FConfiguration of the Gr4vy webhook

Configuration of the Gr4vy webhook URL

Decision mapping

Decisions received from Cybersource are mapped to Gr4vy decisions according to the following logic.

all othererror

If any of the data requirements below are not met, the decision will be skipped. If there was a technical issue reaching Forter the decision will return as an exception.

Buyer requirements

When using Decision Manager, we will only be able to fetch anti-fraud decisions if the transaction has a minimum set of required fields set on a buyer.

To call DM, the transaction must be associated with a buyer and the buyer must have the following fields populated.

  • First name
  • Last name
  • Email address
  • Line 1
  • City
  • Country
  • Postal code

If any of these values are not provided then the call to Cybersource Decision Manager can not be completed and the anti-fraud decision will result in a Skipped decision.

Additional Data

When any of the following attributes are associated with a transaction they will be sent to Cybersource Decision Manager as well.

  • The buyer’s shipping address
  • Any cart items

You can also pass custom merchant-defined data and a device fingerprint ID specifically for Cybersource Decision Manager using connection options.

Device fingerprinting

The use of device fingerprinting is highly recommended when using Cybersource DM. Please refer to our device fingerprinting guide for more information on our universal solution.

If needed, you could load the fingerprint script for Cybersource directly and pass the session_id value as the anti_fraud_fingerprint to the new transaction API.


Sandbox testing

Using the EBC portal you can create custom rules for Decision Manager. For example, you may choose to create a rule which marks a transaction for manual review given the postal code matches a specific value.

To test this rule you will need to perform the following steps in our dashboard.

  1. Create a Cybersource Decision Manager connection
  2. Create a buyer with a matching postal code
  3. Create a Flow rule to leverage the Cybersource Decision Manager connection
  4. Create a transaction using the newly created buyer