Cybersource Point-to-Point Integration

Cybersource Point-to-Point Integration

Cybersource Point-to-Point integration allows you to process authorization and deposit transactions between Order Management System and Cybersource using point-to-point communication. Authorization and deposit processing remains the same in Order Management System; however, instead of using integration layer jobs to process the transactions and send the transactions to the service bureau via the queues defined for the integration layer job, Order Management System communicates with Cybersource via web services using the Cybersource Simple Order API Client for Java to send the transactions directly to the Cybersource system for processing.

Proxy server: When processing payment transactions, you can define a proxy server to act as an intermediary in order to increase security. Order Management System sends transactions to the proxy server and the proxy server sends the transactions along to the payment processor. The PROXY_HOST and PROXY_PORT properties in Working with Admin Properties (CPRP) allow you to define the IP address and port number used to connect to the proxy server during payment processing. If these properties are blank, the system does not route payment transactions through a proxy server and instead calls the payment processor directly.

The Cybersource integration supports the following transactions for credit cards and debit (switch) cards:

OROMS Transaction	Cybersource Transaction	See:
token request	paySubscriptionCreate	Credit Card Tokenization in the Data Security and Encryption Guide
authorization request: • online • batch • token and authorization	ccAuthService	Performing Online Credit Card Authorizations and Using Batch Authorization
deposit request: • debit • credit • authorization and debit	ccCaptureService ccCreditService	Processing Auto Deposits (SDEP)
authorization reversal request	ccAuthReversalService	Credit Card Authorization Reversal

The integration also supports:

Process	See:
level II and level III processing	Level II and III Discounting
multicurrency	Multi Currency by Offer (E03) and Using Alternate Currency Pricing
card identification (CSV/CSP) for online transactions	Credit Card Security Service (CID, CVV2, CVC2)
Verified by Visa and MasterCard Secure Code programs	Credit Card Authentication Service
full address verification (AVS)	Address Verification Service (AVS)
deferred and installment billing	Deferred/Installment Billing Overview
Decision Manager	Cybersource Decision Manager Fraud Scoring

Required versions: To use the Cybersource Point-to-Point integration with Order Management System, you must be on version 1.57 of the Cybersource Transaction XSD and version 3.0 or later of Order Management System. To use the Cybersource Decision Manager Fraud Scoring, you must be on version 4.7 or later of Order Management System.

In this chapter:

• Cybersource Point-to-Point Integration Setup

• Cybersource Point-to-Point Tokenization Process

• Cybersource Point-to-Point Authorization Process

• Cybersource Decision Manager Fraud Scoring

• Cybersource Point-to-Point Deposit Process

• Cybersource Point-to-Point Authorization Reversal Process

• Sample Cybersource Transactions

• Cybersource Message Layouts

- Cybersource Token Request (paySubscriptionCreate) XML Message

- Cybersource Token Response (paySubscriptionCreate) XML Message

- Cybersource Authorization Request (ccAuthService) XML Message

- Cybersource Authorization Response (ccAuthService) XML Message

- Cybersource Token and Authorization Request (paySubscriptionCreate and ccAuthService) XML Message

- Cybersource Token and Authorization Response (paySubscriptionCreate and ccAuthService) XML Message

- Cybersource Debit Deposit Request (ccCaptureService) XML Message

- Cybersource Debit Deposit Response (ccCaptureService) XML Message

- Cybersource Credit Deposit Request (ccCreditService) XML Message

- Cybersource Credit Deposit Response (ccCreditService) XML Message

- Cybersource Authorization and Deposit Request (ccAuthService and ccCaptureService) XML Message

- Cybersource Authorization and Deposit Response (ccAuthService and ccCaptureService) XML Message

- Cybersource Authorization Reversal Request (ccAuthReversalService) XML Message

- Cybersource Authorization Reversal Response (ccAuthReversalService) XML Message

Cybersource Point-to-Point Integration Setup

Before you can use the Cybersource Point-to-Point integration, you must complete the required setup.

• Service Bureau Settings

• Cybersource Interface Properties

• Work with Pay Types (WPAY)

• Work with Order Types (WOTY)

• Security Key

• Decision Manager Fraud Scoring

• Credit Card Authorization Reversal

• Credit Card Tokenization

Service Bureau Settings

Use Defining Authorization Services (WASV) to create a service bureau for the Cybersource service that you will use to process authorizations and deposits via point-to-point communication.

Cybersource Setup using Point-to-Point
Service code	Must be CYB.
Application	Enter Auth/Deposit.
Merchant ID	Supplied by Cybersource.
Charge description	Enter CYBERSOURCE.
Request token	Select this field to perform credit card tokenization; otherwise, leave unselected.
Void auth at deposit	Select this field to void any unused portion of an authorization at deposit time; see Void Unused Authorization After Initial Deposit for processing details.
Send reversal	Select this field to perform a credit card authorization reversal when you process a cancellation associated with a credit card payment or deactivate a credit card payment; see Credit Card Authorization Reversal for processing details.
Integration layer processes	Leave these fields blank.
Media type	Enter Communication.
Batch/online	Enter Online or Batch.
Immediate response	Must be selected.
Immediate deposit	Leave unselected.
Primary authorization service	Must be .IL; see .IL Service Bureau Setup.
Communication type	Enter Payment Link to indicate messages sent to and from Cybersource are processed directly.
Response time	Defines the timeout property passed to Cybersource; this is the number of seconds Order Management System waits for a response from Cybersource. The recommended setting is 30 seconds. Note: Order Management System does not wait the entire response time if it is not necessary.
Test mode?	Not used for the Cybersource integration; the CYB_PAY_LINK_SERVICE_SEND_TO_PRODUCTION setting in Working with Customer Properties (PROP) defines whether transactions are sent to the Cybersource TEST server or PRODUCTION server.
Country codes	Define a cross reference between your country code and the country code used by Cybersource. Note: This option also indicates whether a service bureau performs address verification processing for the country; however, regardless of the AVS setting, Cybersource always performs address verification. See Defining Authorization Service Countries.
Currency codes	Define a cross reference between your currency code and the currency code used by the service bureau; see Defining Authorization Service Currencies.
Merchant ID Override	Define a merchant ID override for the different entities in your company; see Defining Merchant ID Overrides.
Paytype codes	Define a cross reference between your pay type code and the pay type code used by the service bureau; see Defining Vendor Paytype Codes.
Response codes	Define the reasons that the service bureau approves (authorizes) or declines a transaction. The codes are assigned to each transaction by the service bureau when approving or declining the request; see Defining Vendor Response Codes.

.IL Service Bureau Setup

To send transactions to Cybersource using Point-to-Point communication, create a service bureau using the service code.IL and enter a value in the following fields:

• Application: ATDP (authorization and deposit)

• Merchant ID: INTEGRATION LAYER

• Charge description: Integration Layer

• Media type: C (communications)

Enter the .IL service bureau in the Primary authorization service field for the Cybersource service bureau.

Cybersource Interface Properties

The Order Management System integration with Cybersource uses the Cybersource Simple Order API Client for Java as the communication protocol. The following properties are required to communicate with Cybersource.

CYB_PAY_LINK_SERVICE_KEY_DIRECTORY

The location of the encrypted security key file used by the web service API program to validate and secure transactions from Order Management System.

Note: When defining the location, use a single forward slash.

Example: /domain/conf/OMSFiles/Integrations/Cybersource/Key/, where domain is the WebLogic domain directory for Order Management System.

CYB_PAY_LINK_

SERVICE_LOG_

DIRECTORY

The location of the log written by the web service API program. Use this log to review the transactions processed between Order Management System and Cybersource.

Data security: For data security, Order Management System masks credit card information in this log.

Note: When defining the location, use a single forward slash.

Example: /domain/conf/OMSFiles/Integrations/Cybersource/Log/, where domain is the WebLogic domain directory for Order Management System.

Customer properties: Define the following settings in Working with Customer Properties (PROP).

CYB_PAY_LINK_SERVICE

The name of the external system. Set this to Cybersource.

CYB_PAY_LINK_

SERVICE_

ENABLE_LOG

Defines whether the web service logs request and response messages.

true = Order Management System writes request and response messages to the Cybersource log.

false = Order Management System does not write request and response messages to the Cybersource log.

Data security: Set this value to false unless you are troubleshooting the Order Management System integration with Cybersource. Once you are done troubleshooting, delete any log files that are created.

CYB_PAY_LINK_SERVICE_SEND_TO_PRODUCTION

Defines whether transactions are sent to the Cybersource TEST server or PRODUCTION server.

true = Order Management System sends transactions to the Cybersource PRODUCTION server.

false = Order Management System sends transactions to the Cybersource TEST server.

Cybersource Decision Manager Fraud Scoring Settings

CYB_PAY_LINK_

DECISION_MANAGER_

ENABLED

Defines whether Cybersource Decision Manager Fraud Scoring processing is enabled in the Order Management System Point-to-Point integration with Cybersource.

false = the Order Management System Point-to-Point integration with Cybersource does not support Decision Manager processing in Cybersource. Order Management System sends all authorization transactions to Cybersource with the decisionManager_enabled tag set to false, indicating Decision Manager processing should not occur. However, you can use Cybersource’s Decision Manager for authorization transactions you process on your web storefront.

true = the Order Management System Point-to-Point integration with Cybersource supports Decision Manager processing in Cybersource. Order Management System sends all authorization transactions to Cybersource with the decisionManager_enabled tag set to true, indicating Decision Manager processing should occur. See Cybersource Point-to-Point Decision Manager Process for more details.

CYB_PAY_LINK_

DECISION_MANAGER_

MERCHANT_ID_

OVERRIDE

The merchant ID provided by Cybersource to use during Decision Manager Fraud Scoring processing.

If this setting is blank, the system uses the following hierarchy to determine the merchant ID to use:

• Merchant # field in the CC Paytype Cross Ref table

• Merchant ID field in the Merchant ID Override table

• Merchant ID field in the Authorization Services table

CYB_PAY_LINK_DECISION_MANAGER_USER_ID

The user ID of the Cybersource user that has authority to retrieve Cybersource information for the Cybersource Decision Manager Update periodic function.

CYB_PAY_LINK_DECISION_MANAGER_PASSWORD

The password for the Cybersource user that has authority to retrieve Cybersource information for the Cybersource Decision Manager Update periodic function. See below for encryption steps.

Note: Password expiration can be controlled in Cybersource Decision Manager by setting the user to Report Download authority.

CYB_PAY_LINK_DECISION_MANAGER_SEND_TO_PRODUCTION

Defines whether transactions are sent to the Cybersource Decision Manager TEST server or PRODUCTION server.

true = Order Management System sends transactions to the Cybersource Decision Manager PRODUCTION server.

false = Order Management System sends transactions to the Cybersource Decision Manager TEST server.

Work with Pay Types (WPAY)

Use Working with Pay Types (WPAY) to define the CYB authorization and deposit service for each Cybersource pay type.

Work with Order Types (WOTY)

In order to perform online authorization on web orders, the Online Authorization setting for the order type on the web order must be set to Without Window. See Establishing Order Types (WOTY) for more information on setting up an order type.

Security Key

In order for the web service to work, you must generate a security key on the Cybersource Business Center web site. This file must be placed in the directory on the Order Management System application server that is defined in the CYB_PAY_LINK_SERVICE_KEY_DIRECTORY property.

See Appendix A - Generating and Verify Security Keys in the Cybersource Simple Order API for Java Developers Guide for instructions on how to generate a key.

Decision Manager Fraud Scoring

If you have set the CYB_PAY_LINK_DECISION_MANAGER_ENABLED to true, you must complete the following setup for fraud scoring.

Order hold reasons for fraud scoring:

Hold Code	Assigned When
FC Fraud Cancellation Hold	The Cybersource Decision Manager Update Process retrieves order information from Decision Manager for orders that were marked as review during the Cybersource Decision Manager Review Process. If the new decision assigned to the order is REJECT, indicating a user in Decision Manager reviewed the order and rejected the order, Order Management System: • cancels the entire order using the cancel reason code defined in the Fraud Score Cancel Reason Code (M14) system control value. • If the entire order cannot be cancelled, the system places the order on FC Fraud Cancellation hold.
FS Fraud Scoring Hold	The online authorization transaction sent to Cybersource for the credit card payment on the order was evaluated by Cybersource Decision Manager Fraud Scoring and, based on the Decision Manager Order Profile settings, requires review for possible fraud.

Hold Code

Assigned When

Fraud Cancellation Hold

The Cybersource Decision Manager Update Process retrieves order information from Decision Manager for orders that were marked as review during the Cybersource Decision Manager Review Process. If the new decision assigned to the order is REJECT, indicating a user in Decision Manager reviewed the order and rejected the order, Order Management System:

• cancels the entire order using the cancel reason code defined in the Fraud Score Cancel Reason Code (M14) system control value.

• If the entire order cannot be cancelled, the system places the order on FC Fraud Cancellation hold.

Fraud Scoring Hold

The online authorization transaction sent to Cybersource for the credit card payment on the order was evaluated by Cybersource Decision Manager Fraud Scoring and, based on the Decision Manager Order Profile settings, requires review for possible fraud.

Note: These order hold reasons are delivered with the system in Establishing Order Hold Reason Codes (WOHR); see Introducing Order Hold Reason Codes for an overview.

Vendor response codes for fraud scoring: Define the reasons that the Cybersource service bureau declines a transaction due to fraud scoring; see Defining Vendor Response Codes.

Reason Code	Description
400	Fraud Score Exceeds Threshold. Enter hold reason FS Fraud Scoring Hold to place the order on hold when an online authorization transaction receives this vendor response code from Cybersource.
480	Review Fraud Scoring. Enter hold reason FS Fraud Scoring Hold to place the order on hold when an online authorization transaction receives this vendor response code from Cybersource.
481	Rejected by Decision Manager. Enter hold reason FS Fraud Scoring Hold to place a web order on hold when an online authorization transaction receives this vendor response code from Cybersource. Define a pop-up window message to display on the Select Authorization Response Option Window. Note: If the reason code returned from Cybersource is 481, the system deactivates the payment method on the order and requires you to enter another form of payment before you can accept the order.

System control values for fraud scoring:

System Control Value	Description
Fraud Score Cancel Reason Code (M14)	Enter the cancel reason code the system assigns to an order that is automatically cancelled due to the fraud scoring results from Cybersource Decision Manager. Cancel reason codes are defined in and validated against the Cancel Reason Code table; see Establishing Cancel Reason Codes (WCNR).
Product Classification for Fraud Scoring (M15)	Defines the product classification Order Management System sends to Cybersource during Cybersource Decision Manager Fraud Scoring. • ITM CLASS = Order Management System maps the item’s item class description to the ProductCode in the Cybersource Authorization Request (ccAuthService) XML Message when Cybersource Decision Manager Fraud Scoring is enabled. • ITM CATGRY = Order Management System maps the item’s item category description to the ProductCode in the Cybersource Authorization Request (ccAuthService) XML Message when Cybersource Decision Manager Fraud Scoring is enabled. Note: It is your responsibility to set up the item class description or item category description to match the correct value required by Cybersource Decision Manager.

System Control Value

Description

Fraud Score Cancel Reason Code (M14)

Enter the cancel reason code the system assigns to an order that is automatically cancelled due to the fraud scoring results from Cybersource Decision Manager.

Cancel reason codes are defined in and validated against the Cancel Reason Code table; see Establishing Cancel Reason Codes (WCNR).

Product Classification for Fraud Scoring (M15)

Defines the product classification Order Management System sends to Cybersource during Cybersource Decision Manager Fraud Scoring.

• ITM CLASS = Order Management System maps the item’s item class description to the ProductCode in the Cybersource Authorization Request (ccAuthService) XML Message when Cybersource Decision Manager Fraud Scoring is enabled.

• ITM CATGRY = Order Management System maps the item’s item category description to the ProductCode in the Cybersource Authorization Request (ccAuthService) XML Message when Cybersource Decision Manager Fraud Scoring is enabled.

Note: It is your responsibility to set up the item class description or item category description to match the correct value required by Cybersource Decision Manager.

Product classification for fraud scoring: Based on the setting of the Product Classification for Fraud Scoring (M15) system control value, set up the item class description or item category description to match the correct value required by Cybersource Decision Manager.

Product codes used by Cybersource services are:

• adult_content: Adult content.

• coupon: Coupon applied to the entire order.

• default: Product classification has not been defined for the product.

• electronic_good: Electronic product other than software.

• electronic_software: Software distributed electronically rather than on disks or other media.

• handling_only: Fee that you charge the customer to cover administrative selling costs.

• service: Service that you perform for the customer.

• shipping_and_handling: The shipping portion is the charge for shipping the product to the customer. The handling portion is the fee you charge the customer to cover your administrative selling costs.

• shipping_only: Charge for transporting tangible personal property from your location to the customer. You must maintain documentation that clearly establishes the location where the title to the property passed from you to the customer.

• subscription: Subscription to a web site or other content.

Ship via service level for fraud scoring: Use the Create Ship Via (2 of 2) Screen to define a Service Level field for each ship via. Order Management System maps the Service Level for the ship via to the shipTo ShippingMethod in the Cybersource Authorization Request (ccAuthService) XML Message when the Cybersource Decision Manager Fraud Scoring is enabled. Valid values are:

• sameday: Courier or same day service.

• oneday: Next day or overnight service.

• twoday: Two day service.

• threeday: Three day service.

• lowcost: Lowest cost service

• pickup: Store pickup

• other: Other shipping method.

• none: No shipping method because product is a service or subscription.

When a ShippingMethod is defined for a ship to in the ccAuthService message, the shipping address is not automatically added to the Decision Manager negative list. You can add a shipping address to the negative list using the Transaction Marking Tool; see Marking Order Data During Order Review in the Case Management section of the Decision Manager User Guide.

Note: To use a custom value, create a Decision Manager custom rule with the shipping method order element.

Cybersource Decision Manager Update periodic function: Use the Work with Periodic Function (WPER) menu option to create the CYBDMUP Cybersource Decision Mgr Upd periodic function (program name PFCYBDMUP). Assign this periodic function to a periodic process. Schedule this periodic process to run during the time period when users in Decision Manager are releasing orders from hold; for example, you might wish to run this every hour during business hours.

Note: The CYBDMUP Cybersource Decision Mgr Upd periodic function retrieves information on orders that have been evaluated by the fraud scoring process and managed in Decision Manager using the Cybersource Decision Manager On Demand Conversion Report. The Cybersource Decision Manager On Demand Conversion Report is available in the Cybersource test environment for 2 weeks and is available in the Cybersource production environment for 18 months.

Decision Manager setup in Cybersource: In addition to the setup required in Order Management System to use Cybersource Decision Manager, you must complete setup in the Cybersource Business Center. Contact your Cybersource representative for more information on the setup required in the Cybersource Business Center to use the Decision Manager application.

Credit Card Authorization Reversal

The Order Management System integration with Cybersource supports credit card authorization reversal. See Credit Card Authorization Reversal for an overview and processing details. The setup required for credit card authorization reversal is as follows.

For the CYB service bureau in Defining Authorization Services (WASV), select the Send reversal field to indicate the Cybersource service bureau supports credit card authorization reversal.

System control value for authorization reversal:

System Control Value	Description
Use Activation / Reversal Batch Processing (I50)	Must be unselected. If unselected, you must start the SVC_REVSL integration layer job to monitor for new authorization reversal triggers to process immediately.

Credit Card Tokenization

The Order Management System integration with Cybersource supports credit card tokenization using a 16 digit token. See Credit Card Tokenization in the Data Security and Encryption Guide for an overview and processing details. The setup required for credit card tokenization is as follows.

Note:

• The Cybersource integration with Order Management System supports a 16 digit token. Contact Cybersource Customer Support to have your account configured for 16 digit tokens instead of 22 digit values for the subscription ID. The size of the subscription ID affects all customer profiles you create.

• A Cybersource token (subscription ID) never expires, and is removed from the Cybersource system only when deleted by the merchant. Although the token itself never expires, the card information associated with it, such as credit card expiration date, may, requiring an update.

For the CYB service bureau in Defining Authorization Services (WASV), select the Request token field to indicate the Cybersource service bureau supports credit card tokenization. You can select this field only if the Use Credit Card Tokenization (L18) system control value is selected.

System control values for credit card tokenization:

System Control Value	Description
Use Credit Card Tokenization (L18)	Select this system control value to replace the credit card number in the Order Management System database with a token provided by Cybersource. In addition, the number will be encrypted if you have credit card encryption enabled.
Require Credit Card Token (L40)	Select this system control value to require a token for a credit card number. This ensures that credit card numbers are never stored in the Order Management System database and follows full PCI compliance and maximum security of sensitive data. If the Credit Card Tokenization Process is unable to replace the card number with a token, the system: • During Order Entry/Maintenance, Customer Memberships, and Change Invoice Payment Method: displays the Tokenization Warning window, requiring you to enter a different form of payment. • During web order processing: replaces the credit card number with the text TOKENIZATION FAILED and places the order in an error status with the reason Invalid Credit Card. You can correct the credit card payment method and resend the card for tokenization in batch order entry. Unselect this system control value to allow the system to accept a credit card number that has not been replaced with a token. The credit card number will be replaced by a token during authorization processing or when you use Work with Batch Tokenization (WBTK). Note: If you change the setting of this system control value, you must stop and restart the ORDER_IN integration layer job before your change takes effect for orders received through the Generic Order Interface (Order API).

System Control Value

Description

Use Credit Card Tokenization (L18)

Select this system control value to replace the credit card number in the Order Management System database with a token provided by Cybersource. In addition, the number will be encrypted if you have credit card encryption enabled.

Require Credit Card Token (L40)

Select this system control value to require a token for a credit card number. This ensures that credit card numbers are never stored in the Order Management System database and follows full PCI compliance and maximum security of sensitive data.

If the Credit Card Tokenization Process is unable to replace the card number with a token, the system:

• During Order Entry/Maintenance, Customer Memberships, and Change Invoice Payment Method: displays the Tokenization Warning window, requiring you to enter a different form of payment.

• During web order processing: replaces the credit card number with the text TOKENIZATION FAILED and places the order in an error status with the reason Invalid Credit Card. You can correct the credit card payment method and resend the card for tokenization in batch order entry.

Unselect this system control value to allow the system to accept a credit card number that has not been replaced with a token. The credit card number will be replaced by a token during authorization processing or when you use Work with Batch Tokenization (WBTK).

Note: If you change the setting of this system control value, you must stop and restart the ORDER_IN integration layer job before your change takes effect for orders received through the Generic Order Interface (Order API).

Cybersource Point-to-Point Tokenization Process

Order Management System performs the following steps when you perform tokenization using point-to-point communication with Cybersource.

Note: Cybersource refers to a token as a customer profile which has a submitter’s ID or token. You can configure your account in Cybersource to perform preauthorization and fraud checking based on the payment method for the new customer profile.

For more information: See Credit Card Tokenization in the Data Security and Encryption Guide for an overview on tokenization and processing details.

1.	Order Management System looks at the Communication type field for the CYB service bureau to determine how transactions are processed between Order Management System and the Cybersource service bureau. For the Cybersource integration with Order Management System, the setting is Payment Link indicating Point-to-Point communication. The system sends token transactions directly to the Cybersource service bureau.
2.	If the Communication type field for the service bureau is Payment Link, Order Management System creates the Cybersource Token Request (paySubscriptionCreate) XML Message. Note: Order Management System removes any non-standard keyboard characters from the XML message before sending it to Cybersource. The system also writes the token request message to the Trace Log if its Logging Level is set to DEBUG. Order Management System masks the card number in the log based on the setting of the Display Partial Credit Card Number in Logs (J16) system control value. • If the Display Partial Credit Card Number in Logs (J16) system control value is selected in any company, the system displays the last four digits of the credit card number in the log; for example ***********1111. If the credit card number is 4 digits or less, the entire credit card number displays as *******. • If the Display Partial Credit Card Number in Logs (J16)* system control value is unselected in every company, the system replaces the credit card number in the log with the word *REMOVED*.
3.	Order Management System uses the settings in the Cybersource Interface Properties to send the Cybersource Token Request (paySubscriptionCreate) XML Message directly to the Cybersource service bureau. Communication failure: The system tries to connect to Cybersource 3 times before flagging a transaction with a 150 General System Failure response code. If a transaction fails, any subsequent transactions will continue to process. If the CYB_PAY_LINK_SERVICE_ENABLE_LOG property setting is set to true, the system writes the token request message to the Cybersource web service log defined in the CYB_PAY_LINK_SERVICE_LOG_DIRECTORY. Order Management System masks the information in this log.
4.	Once Order Management System sends the token request to Cybersource, the system waits for a response to the token request using the number of seconds defined in the Response time field for the CYB service bureau.
5.	The Cybersource service bureau receives the Cybersource Token Request (paySubscriptionCreate) XML Message, processes the request, and sends the Cybersource Token Response (paySubscriptionCreate) XML Message back to Order Management System.
6.	Order Management System receives the Cybersource Token Response (paySubscriptionCreate) XML Message and processes the response. If the CYB_PAY_LINK_SERVICE_ENABLE_LOG property setting is set to true, the system writes the token response to the Cybersource web service log defined in the CYB_PAY_LINK_SERVICE_LOG_DIRECTORY. Order Management System masks the information in this log. The system writes the token response to the Trace Log if its Logging Level is set to DEBUG. Order Management System masks the card number in the log based on the setting of the Display Partial Credit Card Number in Logs (J16) system control value. • If the Display Partial Credit Card Number in Logs (J16) system control value is selected in any company, the system displays the last four digits of the credit card number in the log; for example ***********1111. If the credit card number is 4 digits or less, the entire credit card number displays as *******. • If the Display Partial Credit Card Number in Logs (J16)* system control value is unselected in every company, the system replaces the credit card number in the log with the word *REMOVED*.
7.	See the Security document for the updates that take place in Order Management System, depending on whether the tokenization transaction was approved or declined by the service bureau.

Cybersource Point-to-Point Authorization Process

Order Management System performs the following steps when you process authorizations using point-to-point communication with Cybersource.

Request token? If you do not use credit card tokenization with Cybersource, the system sends a Cybersource Authorization Request (ccAuthService) XML Message to Cybersource.

If you use credit card tokenization with Cybersource and:

• The credit card number for the payment requesting authorization has already been replaced with a token, the system sends a Cybersource Authorization Request (ccAuthService) XML Message to Cybersource.

• The credit card number for the payment requesting authorization has not been replaced with a token, the system sends a Cybersource Token and Authorization Request (paySubscriptionCreate and ccAuthService) XML Message to Cybersource.

Perform fraud scoring? If the CYB_PAY_LINK_DECISION_MANAGER_ENABLED property setting is true, the system sends online authorization transactions to Cybersource with the decisionManager_enabled tag set to true, indicating Decision Manager processing should occur. See Cybersource Decision Manager Fraud Scoring for processing details.

Manual authorizations: Cybersource supports manual authorizations only if the manual authorization contains an authorization number, authorization date, authorization amount, and a valid authorization request ID (transaction ID) from Cybersource. If the manual authorization is not associated with a valid transaction ID from Cybersource, Cybersource will reject the deposit transaction because it is not associated with a valid authorization from Cybersource.

To define a manual authorization for a credit card payment that uses Cybersource as its service bureau:

• Orders received through the Generic Order Interface (Order API) must contain an auth_number, auth_date, auth_amount and a transaction_id that was obtained from Cybersource.

• Orders entered in Order Management System should go out to Cybersource for authorization before deposit processing. You can perform authorization during order entry, order maintenance or pick slip generation.

For more information: See:

• Performing Online Credit Card Authorizations for an overview on online authorizations and processing details.

• Using Batch Authorization for an overview on batch authorizations and processing details.

• Credit Card Tokenization in the Data Security and Encryption Guide for an overview on tokenization and processing details

1.	Order Management System looks at the Communication type field for the CYB service bureau to determine how transactions are processed between Order Management System and the Cybersource service bureau. For the Cybersource integration with Order Management System, the setting is Payment Link indicating Point-to-Point communication. The system sends authorization transactions directly to the Cybersource service bureau.
2.	If the Communication type field for the service bureau is Payment Link, Order Management System creates the authorization request. Credit Card Tokenization? • If you do not use credit card tokenization with Cybersource, the system sends a Cybersource Authorization Request (ccAuthService) XML Message to Cybersource. • If you use credit card tokenization with Cybersource and: - The credit card number for the payment requesting authorization has already been replaced with a token, the system creates the Cybersource Authorization Request (ccAuthService) XML Message. - The credit card number for the payment requesting authorization has not been replaced with a token, the system creates the Cybersource Token and Authorization Request (paySubscriptionCreate and ccAuthService) XML Message. In this situation, the system sends an authorization request and also requests to replace the credit card number with a token. Decision Manager Fraud Scoring? If the CYB_PAY_LINK_DECISION_MANAGER_ENABLED property is true and you are processing an online authorization transaction, the system sends the online authorization transaction to Cybersource with the decisionManager_enabled tag set to true, indicating Decision Manager processing should occur. See Cybersource Decision Manager Fraud Scoring for processing details. Note: Order Management System removes any non-standard keyboard characters from the XML message before sending it to Cybersource.
3.	The system writes the authorization request message to the Trace Log if its Logging Level is set to DEBUG. Order Management System masks the card number in the log based on the setting of the Display Partial Credit Card Number in Logs (J16) system control value. • If the Display Partial Credit Card Number in Logs (J16) system control value is selected in any company, the system displays the last four digits of the credit card number in the log; for example ***********1111. If the credit card number is 4 digits or less, the entire credit card number displays as *******. • If the Display Partial Credit Card Number in Logs (J16)* system control value is unselected in every company, the system replaces the credit card number in the log with the word *REMOVED*.
4.	Order Management System uses the settings in Working with Customer Properties (PROP) to send the authorization request directly to the Cybersource service bureau. Communication failure: The system tries to connect to Cybersource 3 times before flagging a transaction with a 150 General System Failure response code. If a transaction fails, any subsequent transactions will continue to process. If the CYB_PAY_LINK_SERVICE_ENABLE_LOG property is set to true, the system writes the authorization request message to the Cybersource web service log defined in the CYB_PAY_LINK_SERVICE_LOG_DIRECTORY. Order Management System masks the information in this log.
5.	Once Order Management System sends the authorization request to Cybersource, the system waits for a response to the authorization request using the number of seconds defined in the Response time field for the CYB service bureau.
6.	The Cybersource service bureau receives the authorization request, processes the request, and sends the authorization response back to Order Management System. • If the authorization was processed using a token, Cybersource sends the Cybersource Authorization Response (ccAuthService) XML Message to Order Management System. • If the authorization also requested a token, Cybersource sends the Cybersource Token and Authorization Response (paySubscriptionCreate and ccAuthService) XML Message to Order Management System.
7.	Order Management System receives the authorization response and processes the response: If the CYB_PAY_LINK_SERVICE_ENABLE_LOG setting in the property is set to true, the system writes the authorization response to the Cybersource web service log defined in the CYB_PAY_LINK_SERVICE_LOG_DIRECTORY. Order Management System masks the information in this log. The system writes the authorization response to the Trace Log if its Logging Level is set to DEBUG. Order Management System masks the card number in the log based on the setting of the Display Partial Credit Card Number in Logs (J16) system control value. • If the Display Partial Credit Card Number in Logs (J16) system control value is selected in any company, the system displays the last four digits of the credit card number in the log; for example ***********1111. If the credit card number is 4 digits or less, the entire credit card number displays as *******. • If the Display Partial Credit Card Number in Logs (J16)* system control value is unselected in every company, the system replaces the credit card number in the log with the word *REMOVED*.
8.	See: Online authorizations: What Happens When a Credit Card is Approved? and What Happens When a Credit Card is Declined? for the updates that take place in Order Management System, depending on whether the online authorization transaction was approved or declined by the service bureau. Decision Manager Fraud Scoring: Cybersource Decision Manager Fraud Scoring for the updates that take place in Order Management System, depending on the fraud score assigned to the online authorization transaction. Batch authorizations: Approved Authorizations and Declined Authorizations for the updates the take placed in Order Management System, depending on whether the batch authorization transaction was approved or declined by the service bureau. Tokenization: *Credit Card Tokenization* in the Data Security and Encryption Guide for the updates that take place in Order Management System, depending on whether a token is returned in the authorization transaction. Placing the credit card on hold: The credit card pay type may be placed on hold if the credit card is not approved, the AVS verification fails, or if the credit card identification fails. See Hierarchy for Placing the Credit Card On Hold for more information on the hierarchy the system uses to determine if the credit card pay type should go on hold.

Cybersource Decision Manager Fraud Scoring

Decision Manager is a service provided by Cybersource that allows you to use pre-defined and custom business rules to automatically identify orders that require further screening for fraud.

Based on the Decision Manager business rules, the order and payment information included in the authorization transaction, and the reply data received from the credit card authorization, Decision Manager determines which orders:

• have a low risk for fraud and can be immediately processed,

• have a higher probability for fraud and should be placed on hold for further review,

• are likely fraudulent and should be canceled.

Authorization transactions that are placed on hold for further review are assigned to a case management work queue where a user can review the transaction and decide whether to accept or reject it.

For more information: Contact your Cybersource representative for the following documentation:

• Decision Manager Planning Guide for more information on how to implement Decision Manager to suit your business requirements and the complex processing that occurs in Decision Manager when evaluating an order for fraud.

• Decision Manager User Guide for more information on how to configure your Decision Manager Account in the Business Center and how to use Decision Manager for case management tasks.

• Decision Manager Reporting Guide for more information on the reports that are generated when you use Decision Manager services.

Cybersource Decision Manager Process

The CYB_PAY_LINK_DECISION_MANAGER_ENABLED property defines whether Cybersource Decision Manager Fraud Scoring processing is enabled in the Order Management System Point-to-Point integration with Cybersource.

• If this setting is false, the Order Management System Point-to-Point integration with Cybersource does not support Decision Manager processing in Cybersource. Order Management System sends all authorization transactions to Cybersource with the decisionManager_enabled tag set to false, indicating Decision Manager processing should not occur. However, you can use Cybersource’s Decision Manager for authorization transactions you process on your web storefront.

• If this setting is true, the Order Management System Point-to-Point integration with Cybersource supports Decision Manager processing in Cybersource. Order Management System sends all online authorization transactions to Cybersource with the decisionManager_enabled tag set to true, indicating Decision Manager processing should occur.

If the decisionManager_enabled tag in an online authorization request is set to true, Order Management System performs additional processing during the Cybersource Point-to-Point Authorization Process.

Note:

• Decision Manager Fraud Scoring occurs during online authorization processing only and does not occur for any batch authorization transaction.

• Cybersource performs Decision Manager Fraud Scoring after the online authorization transaction and any additional processing such as address verification is approved; if the online authorization transaction or additional processing is not approved, Cybersource does not perform Decision Manager Fraud Scoring against the order.

• The Decision Manager response and reason code are not stored in Order Management System.

• The Decision Manager Fraud Scoring process below describes fraud scoring for online transactions that occur during interactive order entry or when a web order is received into Order Management System. For web orders that receive an online authorization transaction before being sent to Order Management System:

- If the web authorization transaction was approved by Decision Manager, the order is received into Order Management System with no additional processing.

- If the web authorization transaction was marked as REVIEW by Decision Manager, the order is received into Order Management System with the FS Fraud Scoring hold reason code so that the order can be placed in a Held status.

- If the web authorization transaction was marked as REJECT by Decision Manager, the order is not sent to Order Management System.

1.	When Order Management System creates the online authorization request to send to Cybersource, if Decision Manager is enabled, the system includes additional information in the Cybersource Authorization Request (ccAuthService) XML Message: • the decisionManager enabled tag is set to true • billTo name and address information • shipTo name and address information • item information
2.	If the online authorization transaction is approved, the system uses the Decision Manager settings in Working with Customer Properties (PROP) to connect to the Cybersource Decision Manager application.
3.	Decision Manager uses the information in the Cybersource Authorization Request (ccAuthService) XML Message, the reply data received from the credit card authorization, and any additional processing to evaluate the order for fraud scoring. Decision Manager automatically accepts an order unless a business rule causes the order to be rejected or marked for review. • Decision state REJECT indicates the order failed decision manager fraud scoring. Even if the authorization was approved, the order should not be processed. • Decision state REVIEW indicates the order is flagged as possible fraud and needs to be reviewed by a user. Orders that receive a REVIEW decision are assigned to a case management work queue where a user can review the order and decide whether to accept or reject it.
4.	Cybersource sends the Cybersource Authorization Response (ccAuthService) XML Message back to Order Management System, including the results of the Decision Manager fraud score. The replyMessage decision setting in the response indicates whether the online authorization transaction was approved or declined by Decision Manager: • ACCEPT indicates Cybersource approved the transaction. • REVIEW indicates Cybersource Decision Manager marked the order for review for further analysis. The credit card authorization remains approved and valid, but the order may or may not be processed at a later time. • ERROR indicates an error occurred while Cybersource was processing the transaction. • REJECT indicates Cybersource Decision Manager rejected the transaction.
	If the decision was REVIEW or REJECT, the replyMessage reasonCode provides additional information for the decision. • 400 indicates the fraud score exceeds your threshold. • 480 indicates the order is marked for review by Decision Manager. • 481 indicates the order is rejected by Decision Manager.
	The response includes additional information related to Decision Manager in the afsReply, such as the total fraud score calculated for the order, the risk associated with the customer’s email domain, information that affected the score of the order, and whether the customer has a high order velocity.
	Note: The ccAuthReply reasonCode provides the reason the authorization transaction was approved or rejected by the authorization service; see Cybersource Point-to-Point Authorization Process for more information on the processing that occurs when an credit card authorization is approved or declined by Cybersource.
5.	Order Management System receives the online authorization response and processes the response. • If the decision setting in the response is REVIEW (reason code 480), Order Management System places the order on FS Fraud Scoring hold. See Cybersource Decision Manager Review Process for more information. • If the decision setting in the response is REJECT (reason code 481), Order Management System deactivates the credit card payment and requires you to add another form of payment before you can accept the order. See Cybersource Decision Manager Reject Process for more information. • If the decision setting in the response is ACCEPT, Order Management System accepts the order; see What Happens When a Credit Card is Approved? for the updates that take place in Order Management System when an online authorization transaction is approved by the service bureau.

Cybersource Decision Manager Review Process

When an online authorization transaction is marked as REVIEW by Decision Manager, Order Management System:

• places the order on hold using the hold reason defined for the REVIEW vendor response (response code 480). Typically, you would define hold reason FS Fraud Scoring hold for vendor response 480.

• creates an order transaction history message indicating the order was placed on FS Fraud Scoring Hold; for example:

Type	Transaction Note	Amount	User
HOLD	SYS HLD - Fraud Scoring Hold	120.00	your admin user

Orders that receive a REVIEW decision are assigned to a case management work queue in Decision Manager. A user must log in to Decision Manager to review the order and decide whether to accept or reject it.

Cybersource Decision Manager Update Process

At scheduled intervals, run the CYBDMUP Cybersource Decision Manager Update periodic function to retrieve information on orders that have been evaluated by the fraud scoring process and managed in Decision Manager since the last time the periodic function was run.

Note: Run this periodic function by company. Decision Manager returns information for all Order Management System orders across companies; however, Order Management System only processes the orders in the current company.

The periodic function:

• uses the CYB_PAY_LINK_SERVICE_SEND_TO_PRODUCTION property to determine whether to connect to the test or production server.

• uses the CYB_PAY_LINK_DECISION_MANAGER_USER_ID and CYB_PAY_LINK_DECISION_MANAGER_PASSWORD properties to connect to Decision Manager.

• requests order information in the Decision Manager On Demand Conversion Report based on the merchant ID defined in the CYB_PAY_LINK_DECISION_MANAGER_MERCHANT_ID_OVERRIDE property. If this setting is blank, the system uses the following hierarchy to determine the merchant ID to use:

- Merchant # field in the CC Paytype Cross Ref table

- Merchant ID field in the Merchant ID Override table

- Merchant ID field in the Authorization Services table

Identifying orders: Order Management System uses the RequestID returned from Decision Manager and the TransactionID in the Authorization History table to match the order information returned from Decision Manager to an order in Order Management System. The system processes responses from Decision Manager only for the company where you executed the periodic function.

Log: You can review the information sent to Cybersource and the response received from Cybersource in the TRACE log if its logging level is set to DEBUG; for example:

The Cybersource Decision Manager Update process sends the following Information to Cybersource:

13:24:04,011 DEBUG TRACE - CybersourceReportBO.loadReportDates - Current Date (GMT) - 2014-06-2417:24:04

13:24:04,011 DEBUG TRACE - CybersourceReportBO.loadReportDates - Yesterdays Date (GMT) - 2014-06-2313:24:04

13:24:04,058 DEBUG TRACE - CybersourceReportBO.loadReportDates - Last Run End Date (GMT) - 2014-06-2400:00:00

13:24:04,058 DEBUG TRACE - CybersourceReportBO.loadReportDates - Conversion Report request - ON_DEMAND for 2014-06-24.

13:24:04,058 DEBUG TRACE - CybersourceReportBO.loadReportDates - Start :2014-06-24 00:00:00

13:24:04,058 DEBUG TRACE - CybersourceReportBO.loadReportDates - End :2014-06-24 17:24:04

13:24:04,058 DEBUG TRACE - Cybersource Decision Manager Converison Detail Report properties - STARTUP

13:24:04,058 DEBUG TRACE - OnDemand Report URL :https://ebctest.cybersource.com/ebctest/ConversionDetailReportRequest.do

13:24:04,058 DEBUG TRACE - Daily Report URL :https://ebctest.cybersource.com/ebctest/DownloadReport/<year>/<month>/<day>/<merchantid>/ConversionDetailReport.xml

13:24:04,058 DEBUG TRACE - Production :false

13:24:04,058 DEBUG TRACE - Company : 7

13:24:04,058 DEBUG TRACE - Auth Service : CYB

13:24:04,058 DEBUG TRACE - MerchantID : mr

13:24:04,058 DEBUG TRACE - Username : mr

13:24:04,058 DEBUG TRACE - Start Date : 2014-06-24

13:24:04,058 DEBUG TRACE - Start Time : 00:00:00

13:24:04,058 DEBUG TRACE - End Date : 2014-06-24

13:24:04,058 DEBUG TRACE - End Time : 17:24:04

13:24:04,074 DEBUG TRACE - OnDemand or Daily : ON_DEMAND

13:24:04,074 DEBUG TRACE - Error : false

13:24:04,074 DEBUG TRACE - Update dates : false

13:24:04,074 DEBUG TRACE - Cybersource Decision Manager On Demand Report query: merchantID=username=mr&password=Serenade20141&startDate=2014-06-24&startTime=00%3A00%3A00&endDate=2014-06-24&endTime=17%3A24%3A04

The Cybersource Decision Manager Update process receives the following information from Cybersource:

13:24:07,215 DEBUG TRACE - Cybersource Decision Manager On Demand Report response: <?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE Report SYSTEM "https://ebctest.cybersource.com/ebctest/reports/dtd/cdr.dtd">

<?xml-stylesheet type="text/xsl" href="https://ebctest.cybersource.com/ebctest/reports/xsl/ConversionDetailReport.xsl"?>

<OriginalDecision>REVIEW</OriginalDecision>

<NewDecision>ACCEPT</NewDecision>

<ReviewerComments>Approved by KAB | Issuer verified name and address.</ReviewerComments>

<Notes>

</Notes>

<Queue>Example</Queue>

<Profile>Example</Profile>

</Conversion>

<OriginalDecision>REVIEW</OriginalDecision>

<NewDecision>REJECT</NewDecision>

<ReviewerComments>Rejected by KAB | Fraud.</ReviewerComments>

<Notes>

</Notes>

<Queue>Example</Queue>

<Profile>Example</Profile>

</Conversion>

</Report>

13:24:07,230 DEBUG TRACE - CybersourceReportBO.processConversion - RequestId: 4036289939370176056470

13:24:07,371 DEBUG TRACE - CybersourceReportBO.processConversion get AUH successful ACCEPT - RequestId: 4036289939370176056470 Order - 7-4917

13:24:07,402 DEBUG TRACE - CybersourceReportBO.processConversion - RequestId: 4036303746210176056470

13:24:07,418 DEBUG TRACE - CybersourceReportBO.processConversion get AUH successful REJECT - RequestId: 4036303746210176056470 Order - 7-4918

If new decision is ACCEPT: If a user in Decision Manager accepted the order, Order Management System:

• releases the order from the FS Fraud Scoring hold.

• creates an order transaction history message indicating the order was released from hold; for example:

Type	Transaction Note	Amount	User
RELEASE	Removed Fraud Scoring hold		your admin user

• creates one or more order messages for any notes or reviewer comments made on the order in Decision Manager; for example:

Messages	Print	User
APPROVED BY KAB \| ISSUER VERIFIED NAME AND ADDRESS	Nowhere	your admin user
TOOK OWNERSHIP	Nowhere	your admin user

If new decision is REJECT: If a user in Decision Manager rejected the order, Order Management System:

• cancels the entire order using the cancel reason code defined in the Fraud Score Cancel Reason Code (M14) system control value.

- If the cancel reason code reduces demand, the order status and line status update to Closed and the quantity ordered is decreased by the quantity cancelled; 0 displays if the entire line was cancelled. The quantity cancelled is not updated.

- If the cancel reason code does not reduce demand, the order status and line status update to Cancelled if the entire order is cancelled; otherwise, the order status and line status update to Closed if part of the order has shipped or was soldout. The quantity ordered is not updated and the quantity cancelled is updated with the cancel quantity.

• creates an order transaction history message indicating the order was cancelled; for example:

Type	Transaction Note	Amount	User
MAINT	System generated cancel processed		your admin user
CANCEL	Cancelled by Fraud Scoring		your admin user

• creates one or more order messages for any notes or reviewer comments made on the order in Decision Manager; for example:

Messages	Print	User
REJECTED BY KAB \| FRAUD	Nowhere	your admin user
TOOK OWNERSHIP	Nowhere	your admin user

• If the Send reversal field is selected for the CYB service bureau, performs a Credit Card Authorization Reversal against the credit card payment.

• If the entire order cannot be cancelled, for example a pick exists for one or more items on the order, the system places the order on FC Fraud Cancellation hold and creates an order transaction history message indicating the order was placed on fraud scoring cancellation hold; for example:

Type	Transaction Note	Amount	User
HOLD	Apply Fraud Scoring Cancellation hold		your admin user

Note: If order information is not returned from Cybersource, the order remains on FS Fraud Scoring hold.

Cybersource Decision Manager Reject Process

When an online authorization transaction is marked as REJECT by Decision Manager, Order Management System:

• deactivates the credit card payment, setting the To charge amount to .01,

• If the Send reversal field is selected for the CYB service bureau, performs a Credit Card Authorization Reversal against the deactivated credit card payment,

• creates an order transaction history message indicating the order was rejected by Decision Manager; for example:

Type	Transaction Note	Amount	User
SYSTEM UPDATE	FRAUD SCORE - REJECTED BY DECISION MANAG	120.00	your admin user

• during interactive order entry, displays the Select Authorization Response Option window. The message at this window should indicate the order has been rejected by Decision Manager. Regardless of whether you select Accept Order or Edit Order on this window, the system returns you to the order and requires you to add another form of payment before you can accept the order. Note: The system displays the Select Authorization Response Option window even if a vendor response pop up window message has not been defined and the Online authorization field for the order type is not set to Window (online eligible and display window).

• during web order processing, places the order on hold using the hold reason defined for the REJECT vendor response (response code 481) since the credit card payment on the order has been deactivated. Typically, you would define hold reason FS Fraud Scoring hold for vendor response 481. You need to add another form of payment before you can release the order from hold. If you try to release the order from hold in Release Held Orders (ERHO) without adding another form of payment, the system displays an error message: No payment methods have been defined for this order.

Cybersource Point-to-Point Deposit Process

Order Management System performs the following steps when you process deposits for Cybersource using point-to-point communication.

Type of deposit?

• If the deposit is a debit to the credit card, Order Management System sends a Cybersource Debit Deposit Request (ccCaptureService) XML Message to Cybersource.

• If the deposit is a credit to the credit card, Order Management System sends a Cybersource Credit Deposit Request (ccCreditService) XML Message to Cybersource.

• If the deposit is a debit to the credit card and the deposit amount is greater than the authorization amount, the authorization has expired, or the deposit is for an installment amount, Order Management System sends a Cybersource Authorization and Deposit Request (ccAuthService and ccCaptureService) XML Message to Cybersource.

Request token? If you use credit card tokenization with Cybersource and:

• The credit card number for the payment requesting deposit has already been replaced with a token, the system includes the token in the request sent to Cybersource.

• The credit card number for the payment requesting deposit has not been replaced with a token, the system includes customer and card information in the request sent to Cybersource.

To define a manual authorization for a credit card payment that uses Cybersource as its service bureau:

• Orders received through the Generic Order Interface (Order API) must contain an auth_number, auth_date, auth_amount and a transaction_id that was obtained from Cybersource.

For more information: See Processing Auto Deposits (SDEP) for an overview on deposits and processing details.

1.	Order Management System looks at the Communication type field for the CYB service bureau to determine how transactions are processed between Order Management System and the service bureau. F For the Cybersource integration with Order Management System, the setting is Payment Link indication Point-to-Point communication. The system sends online authorization transactions directly to the Cybersource service bureau.
2.	If the Communication type field for the service bureau is Payment Link, Order Management System creates the deposit request: • If the deposit is a debit to the credit card, Order Management System sends a Cybersource Debit Deposit Request (ccCaptureService) XML Message to Cybersource. • If the deposit is a credit to the credit card, Order Management System sends a Cybersource Credit Deposit Request (ccCreditService) XML Message to Cybersource. • If the deposit is a debit to the credit card and the deposit amount is greater than the authorization amount, the authorization has expired, or the deposit is for an installment amount, Order Management System sends a Cybersource Authorization and Deposit Request (ccAuthService and ccCaptureService) XML Message to Cybersource. Note: Order Management System removes any non-standard keyboard characters from the XML message before sending it to Cybersource. The system writes the deposit request message to the Trace Log if its Logging Level is set to DEBUG. Order Management System masks the card number in the log based on the setting of the Display Partial Credit Card Number in Logs (J16) system control value. • If the Display Partial Credit Card Number in Logs (J16) system control value is selected in any company, the system displays the last four digits of the credit card number in the log; for example ***********1111. If the credit card number is 4 digits or less, the entire credit card number displays as *******. • If the Display Partial Credit Card Number in Logs (J16)* system control value is unselected in every company, the system replaces the credit card number in the log with the word *REMOVED*.
3.	Order Management System uses the settings in the Cybersource Interface Properties to send the deposit request directly to the Cybersource service bureau. Communication failure: The system tries to connect to Cybersource 3 times before flagging a transaction with a 150 General System Failure response code. If a transaction fails, any subsequent transactions will continue to process. If the CYB_PAY_LINK_SERVICE_ENABLE_LOG property is set to true, the system writes the deposit request message to the Cybersource web service log defined in the CYB_PAY_LINK_SERVICE_LOG_DIRECTORY. Order Management System masks the information in this log.
4.	Once Order Management System sends the deposit request to Cybersource, the system waits for a response to the deposit request using the number of seconds defined in the Response time field for the CYB service bureau.
5.	The Cybersource service bureau receives the deposit request, processes the request, and sends the deposit response back to Order Management System. • If the deposit is a debit to the credit card, Cybersource sends a Cybersource Debit Deposit Response (ccCaptureService) XML Message to Order Management System. • If the deposit is a credit to the credit card, Cybersource sends a Cybersource Credit Deposit Response (ccCreditService) XML Message to Order Management System. • If the deposit is a debit to the credit card and the deposit amount is greater than the authorization amount, the authorization has expired, or the deposit is for an installment amount, Cybersource sends a Cybersource Authorization and Deposit Request (ccAuthService and ccCaptureService) XML Message to Order Management System.
6.	Order Management System receives the deposit response and processes the response: • Matches the deposit response to a deposit record in the CC Deposit Transaction table. When a match is found, the system updates the status of the Credit Card Deposit Transaction record to RCVD and with the values in the deposit response. Also: - If an authorization code is returned in the response that does not match the authorization that was sent, the system creates an Authorization History record. - If an authorization exists on the order that was not used (the system sent a Cybersource Authorization and Deposit Request (ccAuthService and ccCaptureService) XML Message to Cybersource because the deposit was a debit to the credit card and the deposit amount was greater than the authorization amount), the system voids the unused authorization(s). • Completes the AUTO_DEP* job and submits the DEP_UPDATE job to the QSYSNOMAX queue to process the remaining updates, such as generating reports. See Batch Deposit Updates. If the CYB_PAY_LINK_SERVICE_ENABLE_LOG property is set to true, the system writes the deposit response to the Cybersource web service log defined in the CYB_PAY_LINK_SERVICE_LOG_DIRECTORY. Order Management System masks the information in this log. The system writes the deposit response to the Trace Log if its Logging Level is set to DEBUG. Order Management System masks the card number in the log based on the setting of the Display Partial Credit Card Number in Logs (J16) system control value. • If the Display Partial Credit Card Number in Logs (J16) system control value is selected in any company, the system displays the last four digits of the credit card number in the log; for example ***********1111. If the credit card number is 4 digits or less, the entire credit card number displays as *******. • If the Display Partial Credit Card Number in Logs (J16)* system control value is unselected in every company, the system replaces the credit card number in the log with the word *REMOVED*.

Rejected deposits: If a deposit is rejected, you can review the reason for the decline or contact Cybersource to identify why the deposit transaction was declined, and either manually confirm the deposit or resubmit it if the decline is for a reason that may pass in subsequent processing.

If a response is not received: If a deposit response is not received within the maximum wait time, Order Management System creates a record in the Request for Response table; see Working with Required Responses (WREQ) for processing details.

Retrieving responses from Cybersource: If a deposit response was not received within the maximum wait time, or if a communication failure occurred during transaction processing, you can use the receive deposits option on the Auto Deposit Screen (Send or Receive Deposits) to send a deposit request to Cybersource, requesting Cybersource to queue the deposit response so that Order Management System can retrieve it.

Cybersource Point-to-Point Authorization Reversal Process

Order Management System performs the following steps when you perform authorization reversal using point-to-point communication with Cybersource.

For more information: See Credit Card Authorization Reversal for an overview on credit card authorization reversal and processing details.

1.	Order Management System looks at the Communication type field for the CYB service bureau to determine how transactions are processed between Order Management System and the Cybersource service bureau. For the Cybersource integration with Order Management System, the setting is Payment Link indicating Point-to-Point communication. The system sends authorization reversal transactions directly to the Cybersource service bureau.
2.	If the Communication type field for the service bureau is Payment Link, Order Management System creates the Cybersource Authorization Reversal Request (ccAuthReversalService) XML Message. Note: Order Management System removes any non-standard keyboard characters from the XML message before sending it to Cybersource. The system also writes the authorization reversal request message to the Trace Log if its Logging Level is set to DEBUG. Order Management System masks the card number in the log based on the setting of the Display Partial Credit Card Number in Logs (J16) system control value. • If the Display Partial Credit Card Number in Logs (J16) system control value is selected in any company, the system displays the last four digits of the credit card number in the log; for example ***********1111. If the credit card number is 4 digits or less, the entire credit card number displays as *******. • If the Display Partial Credit Card Number in Logs (J16)* system control value is unselected in every company, the system replaces the credit card number in the log with the word *REMOVED*.
3.	Order Management System uses the settings in the Cybersource Interface Properties to send the Cybersource Authorization Reversal Request (ccAuthReversalService) XML Message directly to the Cybersource service bureau. Communication failure: The system tries to connect to Cybersource 3 times before flagging a transaction with a 150 General System Failure response code. If a transaction fails, any subsequent transactions will continue to process. If the CYB_PAY_LINK_SERVICE_ENABLE_LOG property is set to true, the system writes the authorization reversal request message to the Cybersource web service log defined in the CYB_PAY_LINK_SERVICE_LOG_DIRECTORY. Order Management System masks the information in this log.
4.	Once Order Management System sends the authorization reversal request to Cybersource, the system waits for a response to the authorization reversal request using the number of seconds defined in the Response time field for the CYB service bureau.
5.	The Cybersource service bureau receives the Cybersource Authorization Reversal Request (ccAuthReversalService) XML Message, processes the request, and sends the Cybersource Authorization Reversal Response (ccAuthReversalService) XML Message back to Order Management System.
6.	Order Management System receives the Cybersource Authorization Reversal Response (ccAuthReversalService) XML Message and processes the response. If the CYB_PAY_LINK_SERVICE_ENABLE_LOG property is set to true, the system writes the authorization reversal response to the Cybersource web service log defined in the CYB_PAY_LINK_SERVICE_LOG_DIRECTORY. Order Management System masks the information in this log. The system writes the token response to the Trace Log if its Logging Level is set to DEBUG. Order Management System masks the card number in the log based on the setting of the Display Partial Credit Card Number in Logs (J16) system control value. • If the Display Partial Credit Card Number in Logs (J16) system control value is selected in any company, the system displays the last four digits of the credit card number in the log; for example ***********1111. If the credit card number is 4 digits or less, the entire credit card number displays as *******. • If the Display Partial Credit Card Number in Logs (J16)* system control value is unselected in every company, the system replaces the credit card number in the log with the word *REMOVED*.
7.	See What Happens When the Authorization Reversal is Approved? and What Happens When the Authorization Reversal is Declined? for the updates that take place in Order Management System, depending on whether the authorization reversal transaction was approved or declined by the service bureau.

Processing Authorizations and Deposits Using Point-to-Point Communication

Contents

SCVs

Search

Glossary

Reports

Solutions

XML

Index

Sample Cybersource Transactions

SO04_16CYB OROMS 17.0 2018 OTN