Toggle Nav
Menu
Account
  • Sign In
    • Search

    Powered by Adobe Commerce 2.4.6-p4

    This extension is in our Payment category. Please remember that it is the merchant’s responsibility to ensure the proper PCI compliance level of their store, as applicable by PCI regulations. The PCI Self-Assessment is one tool you can use when evaluating Payment extensions and how they may affect your PCI compliance level. For more information on Marketplace policies, please review the Marketplace Terms & Conditions.
    extension-logos-full-r2_0004_m2-cybersource.png

    CyberSource With Stored Cards

    by ParadoxLabs, inc.
    Adobe Bronze Solution Partner
    main product photo
    This is an Integration with a Third Party Service. Other charges and fees may be required to use this extension on your Store
    PRODUCT:
    0
    TOTAL:
    Contact Vendor

    Overview

    Back to top

    CyberSource, a subsidiary of Visa Inc., is a premier payment gateway dedicated to servicing ecommerce businesses like yours. CyberSource specializes in enterprise payment services, with fraud and security solutions that connect merchants and payment processors worldwide. CyberSource offers payment acceptance in more than 190 countries, and processes over $400 billion in transactions per year. Their Decision Manager fraud protection suite supports over 300 metrics, including address and IP geolocation.

    This extension brings CyberSource’s enterprise payment services to Magento 2. This includes enhanced fraud services (Decision Manager), secure payment forms (Secure Acceptance Hosted Checkout), 3D Secure 2 card authentication (Payer Authentication), and extensive stored card functionality (Token Management Services). This gives you and your customers the convenience of stored credit cards, with all the security and protection of CyberSource services.

    This module supports all standard payment actions in Magento. It also allows customers to save their payment info for future use. This gives returning customers the convenience of stored credit cards and rapid checkout, without breaking PCI compliance.

    The first time a customer checks out, they are given an advanced form to enter their credit card details. If they choose to save the card, next time they check out they can reuse that card with a single click. Your customers can also view, add, edit, and delete any of their stored payment info through a 'Manage My Cards' interface in their account. All frontend features are also available in the Magento Admin Panel.

     

    Account & Pricing

    CyberSource is a paid service, and will charge monthly and per-transaction fees separate from this extension. CyberSource does not publish their fee structures; costs will vary by your contract, features, and payment processor. Please contact CyberSource for more information.

     

    Features

    • Pay by credit card
    • Save credit cards (tokens) for reuse
    • PCI SAQ A eligibility: CyberSource collects all credit card data for you
    • Add, edit, and delete saved payment data
    • Edit orders and reorder without having to ask the customer for CC info again
    • Authorize, Capture, or Save CC Info (without charging) at time of checkout
    • Capture funds even after the authorization expires
    • Partially invoice orders (including reauthorization on partial invoice)
    • Partially refund (online credit memo)
    • Send billing address, shipping address, and line items with transactions
    • Card Verification Number (CVN) Validation
    • Address Verification (AVS)
    • Account Updater card updates
    • Advanced fraud protection (Decision Manager or Fraud Management Essentials)
    • 3D Secure 2 card authentication on standard checkout
    • Integrate your systems, with Magento REST and GraphQL API support
    • Use a different CyberSource account for each website
    • Supports ParadoxLabs Adaptive Subscriptions extension

     

    Secure

    Security is everything. We know this. Customer confidence can take years to build up, and a stolen credit card can shatter that in a moment. Nevermind the legal ramifications or fees: Your customers are your business. You can't afford to risk losing them. Using ParadoxLabs CyberSource will protect you from many forms of credit card scraping hacks.

    All communication with CyberSource is performed using TLS encryption, and no confidential cardholder data ever touches your server (even for a moment). Using Secure Acceptance Hosted Checkout, all credit card forms for this extension are contained within an iframe hosted by CyberSource.

    This means all credit card data is sent directly from your customers to CyberSource, and none of it is exposed to your website or server at any time. CyberSource gives us a token to use in place of the actual credit card data, and we use that token for all payment processing. This lets your customers pay with a 'saved' card while the actual card is not on your server at all.

    If you configure and enable Payer Authentication, your frontend checkout process is also protected with the latest 3D Secure protocols, allowing customers to authenticate with their card processor if required to do so. This fulfills the Strong Customer Authentication (SCA) requirement of EU’s Payment Services Directive (PSD2).

     

    Convenient

    Stored payment info is good for your business and customers.

    • It simplifies checkout.
    • It encourages customer loyalty.
    • It streamlines order management and integrations.
    • It lets your staff quickly process orders and billing changes, without needing customers to repeat their credit card info.

    All frontend features are available in the admin panel. This means admins can view, add, edit, and delete customers' stored cards, and place orders using them.

    When editing an order, you can reuse the payment info, even for guests.

    Use CyberSource Account Updater to keep stored cards up to date.

     

    PCI Compliant

    PCI compliance is a complex and multifaceted issue, covering every aspect of your business. We can't guarantee that your business is PCI-compliant. That depends on your server, policies, processes, regular security scans, other payment methods offered, and a lot more. What we can tell you is that this extension will not prevent you from being PCI compliant. We don't store or log confidential cardholder data, or do anything else that would bring you under scrutiny.

    This extension implements CyberSource Secure Acceptance Hosted Checkout for all credit card forms, and does not support collecting credit card data by any other means. That makes the ParadoxLabs CyberSource Payments extension eligible for PCI v3.2 Self-Assessment Questionnaire A (PCI SAQ A), the simplest possible form and process.

    Note that you must have SSL enabled on all checkout and login forms, and that this eligibility only applies to this specific payment method. Any other payment methods or credit card handling your business may perform will have its own SAQ eligibility, and may require you to complete a more stringent SAQ form.

    For details on the SAQ types and what eligibility means, see "Self-Assessment Questionnaire Instructions and Guidelines (3.2)" (PDF, by PCI Standards Security Council).

     

    PWA-Ready

    Progressive Web Apps are the future, and we're ready for them.

    This extension fully supports GraphQL and guest/customer REST APIs, allowing you to build out checkout and customer card management interfaces within your PWA, mobile app, or other 'headless' architecture. Note that adding or updating cards outside of Magento will require fully implementing Secure Acceptance Hosted Checkout or an equivalent solution, and 3D Secure if relevant.

    GraphQL requires Magento 2.3.1 or newer.

    Complete API documentation is available in our user manual.

     

    Documentation

    The user manual covers:

    • Installation
    • Configuration
    • Features and usage
    • Common questions and issues
    • Technical info

    View: CyberSource Payments User Manual (PDF) 

     

    Quality

    We are experienced, certified Magento developers. All of our code is clean, well-documented, and follows all Magento standards and techniques. We make sure to do things the right way.

    Our source code is 100% unencoded (viewable source). When you purchase this extension, you get full access to view and modify it any way you need to (within the license terms).

    ParadoxLabs is a proud Magento Solution Partner and member of ExtDN, the Magento Extension Developers Network.

     

    Support

    We pride ourselves on excellent support, but that comes at a price. In order to pay our support staff well, we charge an annual fee for support. Your free purchase gives you free updates for the lifetime of this extension, but does not include support unless you add support services with your purchase (or add it later).

    If you think you can handle it without our help, be our guest! If you have trouble, just know you'll need to buy support before we can help.

    View our Support Policy

    ParadoxLabs has been building and maintaining Magento payment integrations for years. Our integrations process billions of dollars in transactions every year for thousands of stores like yours, and our support is top-notch. Our solutions work for others—they can work for you too.

    Our staff are all located in the United States, with an office in downtown Lancaster, PA, open weekdays from 8 AM to 5 PM Eastern Time. Have a question, or want to try it out? Give us a call at 717-431-3330, or email us at sales@paradoxlabs.com.

    Technical Specifications

    Back to top

    Seller profile

    ParadoxLabs, inc.

    Seller contact

    E-mail

    Integrator

    CyberSource Payment Solutions

    Current Version

    1.4.0

    Adobe Commerce platform compatibility

    Adobe Commerce (cloud): 2.4 (current), 2.2 (obsolete), 2.3 (obsolete)

    Adobe Commerce (on-prem): 2.4 (current), 2.2 (obsolete), 2.3 (obsolete)

    Magento Open Source: 2.4 (current), 2.3 (obsolete)

    Type

    Stable Build

    Updated

    25 January, 2024

    Categories

    Extensions, Payments & Security, Fraud, Payment Integration

    Documentation

    User Guides

    License Type

    Apache License 2.0

    Policy

    Privacy Policy

    Quality Report

    Back to top

    Installation & Varnish Tests

    Passed

    Coding Standard

    Passed

    Plagiarism Check

    Passed

    Malware Check

    Passed

    Marketing Review

    Passed

    Manual Testing

    Passed

    All tests were conducted on the latest versions of Adobe Commerce that existed for the compatible release lines at the moment of the extension submission. Latest versions of all other software were used, as applicable.

    Release Notes

    Back to top

    1.4.0:

    • Compatible with Adobe Commerce (cloud) : 2.3 2.4
    • Compatible with Adobe Commerce (on-prem) : 2.3 2.4
    • Compatible with Magento Open Source : 2.3 2.4
    • Stability: Stable Build
    • Description:

      - Added Instant Purchase support for customers with active stored cards.
      - Fixed a PHP notice if phone number is optional and missing.
      - Fixed possible multibyte string errors in address fields.

    1.3.3:

    • Compatible with Adobe Commerce (cloud) : 2.3 2.4
    • Compatible with Adobe Commerce (on-prem) : 2.3 2.4
    • Compatible with Magento Open Source : 2.3 2.4
    • Stability: Stable Build
    • Description:

      - Added preliminary support for Magento 2.4.7-beta2.
      - Fixed ACH form template on multishipping checkout.
      - Fixed card type detection on multishipping checkouts. (Thanks Will)
      - Fixed logging of empty transaction update responses ("Requested Resource Not Found").
      - Fixed payment info incorrectly persisting and preventing new card entry after a payment decline or admin reorder.
      - Fixed performance issue on order grid and order collection load. (Thanks @lbajsarowicz)
      - Fixed PHP 8.2 compatibility.
      - Fixed possible error on 'Get Payment Update' if transaction is closed.
      - Fixed REST API GET requests (1.3.1 regression).
      - Fixed REST API signature parentheses deprecation.

    1.3.2:

    • Compatible with Adobe Commerce (cloud) : 2.3 2.4
    • Compatible with Adobe Commerce (on-prem) : 2.3 2.4
    • Compatible with Magento Open Source : 2.3 2.4
    • Stability: Stable Build
    • Description:

      - Changed license from proprietary to Apache 2.0. Issue reports and contributions are welcome on GitHub.
      - Fixed disallowed characters in Secure Acceptance billing address fields.
      - Fixed hyphenated transaction IDs possibly being sent to payment gateway on refund.
      - Fixed possible Cloud deploy pipeline error from DI constants.

    1.3.1:

    • Compatible with Adobe Commerce (cloud) : 2.3 2.4
    • Compatible with Adobe Commerce (on-prem) : 2.3 2.4
    • Compatible with Magento Open Source : 2.3 2.4
    • Stability: Stable Build
    • Description:

      - Added compatibility for Magento 2.4.6.
      - Changed GraphQL data assignment to allow order placement in a separate mutation. (Thanks Alfredo)
      - Fixed GraphQL tokenbase_id handling during order placement. (Thanks Damien, Tony)
      - Fixed incomplete billing address causing a payment error on admin order.
      - Fixed multi-website config scope issues with Secure Acceptance.
      - Fixed PHP 8.1 compatibility error on admin order.
      - Fixed possible duplicate checkout submission by keyboard input.
      - Fixed transaction being voided in error if 'quote failure' event runs despite the order saving successfully. (Thanks Michael)
      - Fixed zero-total checkout handling.

    1.3.0:

    • Compatible with Adobe Commerce (cloud) : 2.2 2.3
    • Compatible with Adobe Commerce (on-prem) : 2.3 2.4
    • Compatible with Magento Open Source : 2.3 2.4
    • Stability: Stable Build
    • Description:

      - Removed compatibility for Magento 2.2 and below. For anyone updating from Magento 2.2 or below, update this extension to the previous version before updating Magento, then update Magento and the latest extension version.
      - Added compatibility for Magento 2.4.4 + PHP 8.1.
      - Added auto voiding of transactions at checkout when third party code throws an order processing exception.
      - Added configuration to change the delay for inactive card pruning.
      - Added form key validation to GetParams requests (thanks Ian).
      - Added GraphQL support for 3D Secure/Payer Authentication.
      - Added security-related settings to admin checkout configuration.
      - Added setting to enable/disable fraud check on card storage.
      - Changed card pruning delay from 120 to 180 days to reflect new Authorize.net policy.
      - Fixed 'get payment update' button under multi-website configuration.
      - Fixed 3D Secure 2.x capability.
      - Fixed ability to use TokenBase methods for free orders.
      - Fixed address input issues possibly resulting in infinite load/error loop.
      - Fixed addresses to send full region name to SOAP API for intl support.
      - Fixed card save error handling when receiving a 'call card issuer' response.
      - Fixed config not loading from proper scope on admin/API requests.
      - Fixed decision manager running and possibly requiring CVV on subscription rebilling.
      - Fixed error parameter replacement on checkout for complex error messages. (Thanks Navarr)
      - Fixed fingerprint ID including merchant ID in API calls.
      - Fixed fraud updates checking wrong transaction ID field, causing PHP errors.
      - Fixed handling of payment methods on free orders.
      - Fixed missing CVV failure on partial capture by disabling decision manager for follow-up transactions.
      - Fixed possible 'Please enter your credit card CVV' error at invoicing/refunding.
      - Fixed possible PHP notice in address input processing.
      - Fixed possible session/card loading issues when adding a new card, due to a field conflict.
      - Fixed response code 478 step-up for Payer Authentication.
      - Fixed scheduled tasks not supporting multi-account configuration.
      - Fixed void to instead run auth reversal if transaction is uncaptured.
      - Improved error logging.
      - Improved state/region handling and compatibility.

    1.1.3:

    • Compatible with Adobe Commerce (cloud) : 2.2 2.3 2.4
    • Compatible with Adobe Commerce (on-prem) : 2.2 2.3 2.4
    • Compatible with Magento Open Source : 2.3 2.4
    • Stability: Stable Build
    • Description:

      - Fixed 'please enter CVV' validation error when capturing a card modified since order placement, with require CVV enabled.
      - Fixed card info not displaying in My Payment Data on `Magento/blank` and derived themes.
      - Fixed expired cards not showing any indicator.
      - Fixed post-checkout registration also catching normal customer registration, causing 'unable to load card' errors.
      - Fixed transaction info not showing on admin order view on Magento 2.4.2+.
      - Fixed Magento 2.4.3 compatibility by replacing all deprecated escapeQuote calls.

    1.1.2:

    • Compatible with Adobe Commerce (cloud) : 2.2 2.3 2.4
    • Compatible with Adobe Commerce (on-prem) : 2.2 2.3 2.4
    • Compatible with Magento Open Source : 2.3 2.4
    • Stability: Stable Build
    • Description:

      - Fixed validation error after invoice.

    1.1.1:

    • Compatible with Adobe Commerce (cloud) : 2.2 2.3 2.4
    • Compatible with Adobe Commerce (on-prem) : 2.2 2.3 2.4
    • Compatible with Magento Open Source : 2.3 2.4
    • Stability: Stable Build
    • Description:

      - Changed 'Payment Data'/'My Payment Data' to 'Payment Options'/'My Payment Options'.
      - Fixed checkout validation errors on Magento 2.3.3-2.4 resulting from core bug #28161.
      - Fixed errors on void/cancel if card no longer exists.
      - Fixed payment failed emails.

    1.1.0-p1:

    • Compatible with Adobe Commerce (cloud) : 2.2 2.3 2.4
    • Compatible with Adobe Commerce (on-prem) : 2.2 2.3 2.4
    • Compatible with Magento Open Source : 2.3 2.4
    • Stability: Stable Build
    • Description:

      - Added Account Updater support.
      - Added selected-card data to GraphQL cart SelectedPaymentMethod.
      - Fixed 'please enter valid email' popup when creating a new-customer order in admin.
      - Fixed card association and authorization issues when changing the email on admin checkout.
      - Fixed checkout exception when enabled but no API credentials are configured.
      - Fixed IE11 compatibility issue on checkout form.
      - Fixed Magento 2.2 compatibility issue since 4.3.2 (GraphQL reference).
      - Fixed payment failed emails by changing checkout exceptions from PaymentException to LocalizedException, to follow core behavior.

    1.0.3:

    • Compatible with Adobe Commerce (cloud) : 2.2 2.3 2.4
    • Compatible with Adobe Commerce (on-prem) : 2.2 2.3 2.4
    • Compatible with Magento Open Source : 2.3 2.4
    • Stability: Stable Build
    • Description:

      - Fixed compatibility issue with Magento 2.4.1 and Klarna 7.1.0 that broke cart and checkout.
      - Fixed CVV type validation for stored cards.
      - Fixed exceptions on void preventing order cancellation.
      - Fixed GraphQL not being considered a frontend area, for client IP handling.
      - Fixed incomplete phone number causing error loop on checkout.
      - Fixed sporadic 'unable to load card' errors when adding a new credit card.

    1.0.2:

    • Compatible with Adobe Commerce (cloud) : 2.2 2.3 2.4
    • Compatible with Adobe Commerce (on-prem) : 2.2 2.3 2.4
    • Compatible with Magento Open Source : 2.3 2.4
    • Stability: Stable Build
    • Description:

      - Added CSP allowed hosts.
      - Added Magento 2.4 compatibility.
      - Fixed PHP notice with company field disabled.
      - Fixed transaction failures with CVV requirement disabled.

    1.0.1:

    • Compatible with Adobe Commerce (cloud) : 2.2 2.3
    • Compatible with Adobe Commerce (on-prem) : 2.2 2.3
    • Compatible with Magento Open Source : 2.3
    • Stability: Stable Build
    • Description:

      - Fixed "Email already exists" error after placing an admin order for a new customer and getting a payment failure.
      - Fixed admin order payment form not initializing correctly on new orders.
      - Fixed API test responses getting logged as errors.
      - Fixed possible error with missing card instrument ID response data.
      - Fixed potential false positives in address change detection.

    1.0.0:

    • Compatible with Adobe Commerce (cloud) : 2.2 2.3
    • Compatible with Adobe Commerce (on-prem) : 2.2 2.3
    • Compatible with Magento Open Source : 2.3
    • Stability: Stable Build
    • Description:

      Initial release for Magento 2.

    Support

    Back to top

    The best place to start if you need help with a specific extension is to contact the developer. All Adobe Commerce developers have both a contact email and a support email listed.

    Contact Vendor

    Q & A

    Back to top

    Reviews

    Back to top