Prerequisites
When you choose to use Cybersource as a payment gateway alongside Cybersource Decision Manager, you must configure the Extended Settings in the Cybersource Enterprise Business Centre (EBC). This will make sure the payment processing and anti-fraud checks run independently and allows our system to manage the status of the transaction correctly. In EBC head over to Decision Manager -> Configuration -> Extended Settings, and then ensure the following values are unchecked.- Authorization-Card-Present
- Authorization-Card Not Present
Credentials
To configure a Decision Manager connection, you will need to set the following credentials. Each of these can be found in the EBC.| Credential | Description |
|---|---|
| Merchant ID | The Merchant ID is provided by Cybersource during setup. |
| SOAP Toolkit Key | This key needs to be generated in the Cybersource Enterprise Business Centre portal. |
| ThreatMetrix Org ID | This is the organization ID for use with ThreatMetrix device fingerprints. You will need to contact your Cybersource support representative for this value. A different value is expected for sandbox and production. |
Device fingerprint
The device fingerprint passed to Cybersource is generated automatically by our device fingerprinting library. If you want to pass your ownantiFraudFingerprint to
Embed or to our API, please make sure to pass this anti-fraud fingerprint ID you used with Cybersource.
Webhooks for manual review
To enable manual review you will need to set up webhooks from your anti-fraud service to our system. This webhook is used to notify us when a review is accepted or rejected. To get the webhook URL, head over to your connection by going to Connections -> [Anti-Fraud connection] -> Synchronization and copy the webhook URL. Next, login to EBC and navigate to Decision Manager -> Configuration -> Extended Settings and paste the webhook URL into the Configure Order Status Notification input.
Configuration of the webhook URL
Decision mapping
Decisions received from Cybersource are mapped to our decisions according to the following logic.| Cybersource decision | Our decision |
|---|---|
accept | accept |
reject | reject |
review | review |
error | error |
| all other | error |
skipped. If there was a
technical issue reaching Forter the decision will return as an exception.
Buyer requirements
When using Decision Manager, we will only be able to fetch anti-fraud decisions if the transaction has a minimum set of required fields set on a buyer. To call DM, the transaction must be associated with a buyer and the buyer must have the following fields populated.- First name
- Last name
- Email address
- Line 1
- City
- Country
- Postal code
Additional Data
When any of the following attributes are associated with a transaction they will be sent to Cybersource Decision Manager as well.- The buyer’s shipping address
- Any cart items
Device fingerprinting
The use of device fingerprinting is highly recommended when using Cybersource DM. Please refer to our device fingerprinting guide for more information on our universal solution. If needed, you could load the fingerprint script for Cybersource directly and pass thesession_id
value as the anti_fraud_fingerprint to the new transaction API.
Sandbox testing
Using the EBC portal you can create custom rules for Decision Manager. For example, you may choose to create a rule which marks a transaction for manual review given the postal code matches a specific value. To test this rule you will need to perform the following steps in our dashboard.- Create a Cybersource Decision Manager connection
- Create a buyer with a matching postal code
- Create a Flow rule to leverage the Cybersource Decision Manager connection
- Create a transaction using the newly created buyer