Powered by Adobe Commerce 2.4.3

This extension is in our Payment category, and could affect the PCI compliance level of your store. It is the merchant’s responsibility to ensure the proper PCI compliance level of their store, as applicable by PCI regulations. The PCI Self-Assessment is one tool you can use when evaluating Payment extensions and how they may affect your PCI compliance level. For more information on Marketplace policies, please review the Marketplace Terms & Conditions.

CyberSource With Stored Cards

This is an Integration with a Third Party Service. Other charges and fees may be required to use this extension on your Store


Back to top

CyberSource, a subsidiary of Visa Inc., is a premier payment gateway dedicated to servicing ecommerce businesses like yours. CyberSource specializes in enterprise payment services, with fraud and security solutions that connect merchants and payment processors worldwide. CyberSource offers payment acceptance in more than 190 countries, and processes over $400 billion in transactions per year. Their Decision Manager fraud protection suite supports over 300 metrics, including address and IP geolocation.

This extension brings CyberSource’s enterprise payment services to Magento 2. This includes enhanced fraud services (Decision Manager), secure payment forms (Secure Acceptance Hosted Checkout), 3D Secure 2 card authentication (Payer Authentication), and extensive stored card functionality (Token Management Services). This gives you and your customers the convenience of stored credit cards, with all the security and protection of CyberSource services.

This module supports all standard payment actions in Magento. It also allows customers to save their payment info for future use. This gives returning customers the convenience of stored credit cards and rapid checkout, without breaking PCI compliance.

The first time a customer checks out, they are given an advanced form to enter their credit card details. If they choose to save the card, next time they check out they can reuse that card with a single click. Your customers can also view, add, edit, and delete any of their stored payment info through a 'Manage My Cards' interface in their account. All frontend features are also available in the Magento Admin Panel.


Account & Pricing

CyberSource is a paid service, and will charge monthly and per-transaction fees separate from this extension. CyberSource does not publish their fee structures; costs will vary by your contract, features, and payment processor. Please contact CyberSource for more information.



  • Pay by credit card
  • Save credit cards (tokens) for reuse
  • PCI SAQ A eligibility: CyberSource collects all credit card data for you
  • Add, edit, and delete saved payment data
  • Edit orders and reorder without having to ask the customer for CC info again
  • Authorize, Capture, or Save CC Info (without charging) at time of checkout
  • Capture funds even after the authorization expires
  • Partially invoice orders (including reauthorization on partial invoice)
  • Partially refund (online credit memo)
  • Send billing address, shipping address, and line items with transactions
  • Card Verification Number (CVN) Validation
  • Address Verification (AVS)
  • Account Updater card updates
  • Advanced fraud protection (Decision Manager or Fraud Management Essentials)
  • 3D Secure 2 card authentication on standard checkout
  • Integrate your systems, with Magento REST and GraphQL API support
  • Use a different CyberSource account for each website
  • Supports ParadoxLabs Adaptive Subscriptions extension



Security is everything. We know this. Customer confidence can take years to build up, and a stolen credit card can shatter that in a moment. Nevermind the legal ramifications or fees: Your customers are your business. You can't afford to risk losing them. Using ParadoxLabs CyberSource will protect you from many forms of credit card scraping hacks.

All communication with CyberSource is performed using TLS encryption, and no confidential cardholder data ever touches your server (even for a moment). Using Secure Acceptance Hosted Checkout, all credit card forms for this extension are contained within an iframe hosted by CyberSource.

This means all credit card data is sent directly from your customers to CyberSource, and none of it is exposed to your website or server at any time. CyberSource gives us a token to use in place of the actual credit card data, and we use that token for all payment processing. This lets your customers pay with a 'saved' card while the actual card is not on your server at all.

If you configure and enable Payer Authentication, your frontend checkout process is also protected with the latest 3D Secure protocols, allowing customers to authenticate with their card processor if required to do so. This fulfills the Strong Customer Authentication (SCA) requirement of EU’s Payment Services Directive (PSD2).



Stored payment info is good for your business and customers.

  • It simplifies checkout.
  • It encourages customer loyalty.
  • It streamlines order management and integrations.
  • It lets your staff quickly process orders and billing changes, without needing customers to repeat their credit card info.

All frontend features are available in the admin panel. This means admins can view, add, edit, and delete customers' stored cards, and place orders using them.

When editing an order, you can reuse the payment info, even for guests.

Use CyberSource Account Updater to keep stored cards up to date.


PCI Compliant

PCI compliance is a complex and multifaceted issue, covering every aspect of your business. We can't guarantee that your business is PCI-compliant. That depends on your server, policies, processes, regular security scans, other payment methods offered, and a lot more. What we can tell you is that this extension will not prevent you from being PCI compliant. We don't store or log confidential cardholder data, or do anything else that would bring you under scrutiny.

This extension implements CyberSource Secure Acceptance Hosted Checkout for all credit card forms, and does not support collecting credit card data by any other means. That makes the ParadoxLabs CyberSource Payments extension eligible for PCI v3.2 Self-Assessment Questionnaire A (PCI SAQ A), the simplest possible form and process.

Note that you must have SSL enabled on all checkout and login forms, and that this eligibility only applies to this specific payment method. Any other payment methods or credit card handling your business may perform will have its own SAQ eligibility, and may require you to complete a more stringent SAQ form.

For details on the SAQ types and what eligibility means, see "Self-Assessment Questionnaire Instructions and Guidelines (3.2)" (PDF, by PCI Standards Security Council).



Progressive Web Apps are the future, and we're ready for them.

This extension fully supports GraphQL and guest/customer REST APIs, allowing you to build out checkout and customer card management interfaces within your PWA, mobile app, or other 'headless' architecture. Note that adding or updating cards outside of Magento will require fully implementing Secure Acceptance Hosted Checkout or an equivalent solution, and 3D Secure if relevant.

GraphQL requires Magento 2.3.1 or newer.

Complete API documentation is available in our user manual.



The user manual covers:

  • Installation
  • Configuration
  • Features and usage
  • Common questions and issues
  • Technical info

View: CyberSource Payments User Manual (PDF) 



We are experienced, certified Magento developers. All of our code is clean, well-documented, and follows all Magento standards and techniques. We make sure to do things the right way.

Our source code is 100% unencoded (viewable source). When you purchase this extension, you get full access to view and modify it any way you need to (within the license terms).

ParadoxLabs is a proud Magento Solution Partner and member of ExtDN, the Magento Extension Developers Network.



We pride ourselves on excellent support, but that comes at a price. In order to pay our support staff well, we charge an annual fee for support. Your free purchase gives you free updates for the lifetime of this extension, but does not include support unless you add support services with your purchase (or add it later).

If you think you can handle it without our help, be our guest! If you have trouble, just know you'll need to buy support before we can help.

View our Support Policy

ParadoxLabs has been building and maintaining Magento payment integrations for years. Our integrations process billions of dollars in transactions every year for thousands of stores like yours, and our support is top-notch. Our solutions work for others—they can work for you too.

Our staff are all located in the United States, with an office in downtown Lancaster, PA, open weekdays from 8 AM to 5 PM Eastern Time. Have a question, or want to try it out? Give us a call at 717-431-3330, or email us at sales@paradoxlabs.com.

Technical Specifications

Back to top

Seller profile

ParadoxLabs, inc.

Seller contact



CyberSource Payment Solutions

Current Version


Adobe Commerce platform compatibility

Open Source (CE): 2.3 (current), 2.4 (current)

Commerce on prem (EE): 2.3 (current), 2.4 (current), 2.2 (obsolete)

Commerce on Cloud (ECE): 2.3 (current), 2.4 (current), 2.2 (obsolete)


Stable Build


24 August, 2021


Extensions, Payments & Security, Fraud, Payment Integration

Quality Report

Back to top

Installation & Varnish Tests


Coding Standard


Plagiarism Check


Malware Check


Marketing Review


Manual Testing


All tests were conducted on the latest versions of Adobe Commerce that existed for the compatible release lines at the moment of the extension submission. Latest versions of all other software were used, as applicable.

Release Notes

Back to top


  • Compatible with Open Source (CE) : 2.3 2.4
  • Compatible with Commerce on prem (EE) : 2.2 2.3 2.4
  • Compatible with Commerce on Cloud (ECE) : 2.2 2.3 2.4
  • Stability: Stable Build
  • Description:

    - Fixed 'please enter CVV' validation error when capturing a card modified since order placement, with require CVV enabled.
    - Fixed card info not displaying in My Payment Data on `Magento/blank` and derived themes.
    - Fixed expired cards not showing any indicator.
    - Fixed post-checkout registration also catching normal customer registration, causing 'unable to load card' errors.
    - Fixed transaction info not showing on admin order view on Magento 2.4.2+.
    - Fixed Magento 2.4.3 compatibility by replacing all deprecated escapeQuote calls.


  • Compatible with Open Source (CE) : 2.3 2.4
  • Compatible with Commerce on prem (EE) : 2.2 2.3 2.4
  • Compatible with Commerce on Cloud (ECE) : 2.2 2.3 2.4
  • Stability: Stable Build
  • Description:

    - Fixed validation error after invoice.


  • Compatible with Open Source (CE) : 2.3 2.4
  • Compatible with Commerce on prem (EE) : 2.2 2.3 2.4
  • Compatible with Commerce on Cloud (ECE) : 2.2 2.3 2.4
  • Stability: Stable Build
  • Description:

    - Changed 'Payment Data'/'My Payment Data' to 'Payment Options'/'My Payment Options'.
    - Fixed checkout validation errors on Magento 2.3.3-2.4 resulting from core bug #28161.
    - Fixed errors on void/cancel if card no longer exists.
    - Fixed payment failed emails.


  • Compatible with Open Source (CE) : 2.3 2.4
  • Compatible with Commerce on prem (EE) : 2.2 2.3 2.4
  • Compatible with Commerce on Cloud (ECE) : 2.2 2.3 2.4
  • Stability: Stable Build
  • Description:

    - Added Account Updater support.
    - Added selected-card data to GraphQL cart SelectedPaymentMethod.
    - Fixed 'please enter valid email' popup when creating a new-customer order in admin.
    - Fixed card association and authorization issues when changing the email on admin checkout.
    - Fixed checkout exception when enabled but no API credentials are configured.
    - Fixed IE11 compatibility issue on checkout form.
    - Fixed Magento 2.2 compatibility issue since 4.3.2 (GraphQL reference).
    - Fixed payment failed emails by changing checkout exceptions from PaymentException to LocalizedException, to follow core behavior.


  • Compatible with Open Source (CE) : 2.3 2.4
  • Compatible with Commerce on prem (EE) : 2.2 2.3 2.4
  • Compatible with Commerce on Cloud (ECE) : 2.2 2.3 2.4
  • Stability: Stable Build
  • Description:

    - Fixed compatibility issue with Magento 2.4.1 and Klarna 7.1.0 that broke cart and checkout.
    - Fixed CVV type validation for stored cards.
    - Fixed exceptions on void preventing order cancellation.
    - Fixed GraphQL not being considered a frontend area, for client IP handling.
    - Fixed incomplete phone number causing error loop on checkout.
    - Fixed sporadic 'unable to load card' errors when adding a new credit card.


  • Compatible with Open Source (CE) : 2.3 2.4
  • Compatible with Commerce on prem (EE) : 2.2 2.3 2.4
  • Compatible with Commerce on Cloud (ECE) : 2.2 2.3 2.4
  • Stability: Stable Build
  • Description:

    - Added CSP allowed hosts.
    - Added Magento 2.4 compatibility.
    - Fixed PHP notice with company field disabled.
    - Fixed transaction failures with CVV requirement disabled.


  • Compatible with Open Source (CE) : 2.3
  • Compatible with Commerce on prem (EE) : 2.2 2.3
  • Compatible with Commerce on Cloud (ECE) : 2.2 2.3
  • Stability: Stable Build
  • Description:

    - Fixed "Email already exists" error after placing an admin order for a new customer and getting a payment failure.
    - Fixed admin order payment form not initializing correctly on new orders.
    - Fixed API test responses getting logged as errors.
    - Fixed possible error with missing card instrument ID response data.
    - Fixed potential false positives in address change detection.


  • Compatible with Open Source (CE) : 2.3
  • Compatible with Commerce on prem (EE) : 2.2 2.3
  • Compatible with Commerce on Cloud (ECE) : 2.2 2.3
  • Stability: Stable Build
  • Description:

    Initial release for Magento 2.


Back to top

The best place to start if you need help with a specific extension is to contact the developer. All Adobe Commerce developers have both a contact email and a support email listed.

Contact Vendor

Q & A

Back to top


Back to top