WooCommerce CyberSource Payment Gateway

Overview

WooCommerce CyberSource is a payment gateway integration that allows you to take credit card and eCheck payments via CyberSource directly on your site.

This plugin leverages CyberSource’s Flex Microform payment form to help you meet SAQ A PCI compliance levels with a seamless checkout on your site. CyberSource uses hosted fields to process payments, so sensitive payment information is sent directly to CyberSource, bypassing your servers.

Requirements

• A CyberSource account (fees apply)
• WooCommerce 3.0.9+
• PHP 5.6+ (you can view this under WooCommerce > Status)
• An SSL certificate

Installation

1. Ensure your store meets the plugin requirements.
2. Download the extension from your WooCommerce dashboard.
3. Go to Plugins > Add New > Upload and select the ZIP file you just downloaded.
4. Click Install Now and then Activate.
5. Click Configure and read the next section to learn how to setup the plugin.

Upgrading from the SOP plugin

If you’re upgrading from the CyberSource SOP plugin, you will see a notice in that plugin to migrate to this integration. Your SOP plugin subscription has automatically been converted to a subscription for this integration! You can migrate to this integration seamlessly with a few steps.

You should be connected to WooCommerce.com to completed this migration. If your site isn’t connected, you’ll be prompted to connect first. If you need help connecting, please check out this document. If you can’t connect for some reason, please check our FAQs below for instructions on how to upgrade.

Once your site is connected to WooCommerce.com, you’ll see a notice to migrate to this plugin when you’re ready. This will automatically download, install, and activate the new CyberSource plugin.

Once the new plugin is activated, please follow these instructions to update the gateway with your new API credentials.

You can also choose to migrate previous order data to the new gateway. Migrating order data lets you manage historical orders with the new gateway (e.g. issue refunds). However, please note that since the new CyberSource API does not support hosted forms for eChecks, you may not want to migrate eChecks if you are concerned with how this impacts PCI compliance on your site.

When you’re ready to accept payments with the new CyberSource plugin, you can then safely deactivate/delete the SOP plugin.

Upgrade FAQs

Q: What if I’m unable to connect to WooCommerce.com? (For example, if your site sells CBD oil products.)
A: You can still migrate! You’ll need a couple more steps, though:

1. Download the new CyberSource integration from your WooCommerce.com account (you will already have a new subscription for it).
2. Install this plugin under Plugins > Add New > Upload.
3. Activate this plugin.

Once this plugin is activated, you can proceed with updating your gateway credentials.

Q: What has changed from my previous plugin?
A: You’ve gained some new features!  Click here to read all about the updated CyberSource 2.0 plugin.

Q: What will happen to my plugin subscription?
A: Your WooCommerce.com account was automatically gifted a new subscription for this plugin. Here’s how we handled the change:

• You have been gifted a subscription for the new plugin that ends on the same date as your SOP plugin subscription.
• If your SOP plugin subscription was set to auto-renew, we’ve turned it off, and enabled auto-renew on the new plugin subscription. If your subscription did not auto-renew, we’ve left it disabled.
• Your SOP plugin subscription is still in your account for now, but it will end on its original date, and cannot be renewed again.

Q: How do I accept payments while migrating?
A: Since the updated plugin requires different credentials than the SOP plugin, we will not automatically disable CyberSource SOP after you migrate. This will give you time to get the new plugin setup and configured to your liking, while continuing to accept payments from SOP. When you’re ready to switch over, you can activate CyberSource 2.0, complete a test transaction to ensure everything’s working properly, and then deactivate / delete SOP. Our support team is also happy to help out with any questions or migration concerns!

Q: What are the benefits of migrating orders from SOP to the new CyberSource plugin?
A: By migrating your orders from SOP, you’ll be able to manage those orders with the new CyberSource plugin. For example, if you need to issue a refund for an older order, you can handle that entirely in WooCommerce with the new plugin! In most cases, we do recommend migrating orders. However, please note that the new CyberSource API does not support hosted forms for eChecks, so if you were relying on this form type for SOP eChecks for PCI compliance purposes, you may not want to migrate those orders.

Getting Started

You must have an active Cybersource gateway account (which charges its own usage fees) with the JSON REST API enabled to use this plugin. In this section, we’ll review how to generate your security keys and setup the plugin.

Generate Security Keys

CyberSource uses a security key to communicate with your site. If you want to perform test transactions, you can follow these steps to create both Live and Test accounts. Follow the steps below to generate a security key:

1. 1. Log in to the CyberSource business center with your CyberSource merchant ID.
   2. Go to Payment Configuration > Key Management.
   3. Select the Keys menu and click API Keys.
   4. Click Generate Key.

      

1. 1. Select API Cert / Secret as the key type and click Next Step.
   2. Select Shared Secret as the key subtype and click Submit.
   3. Copy the Shared Secret Key to add to the plugin settings. You can also click Download Key if you’d like to save this key for future reference.

Extension Settings

You can configure the plugin to support credit cards and/or eChecks by going to WooCommerce > Settings > Payments and selecting CyberSource or CyberSource eCheck.

Credit Card Settings

• Enable / Disable: Allow customers to use this gateway to process credit cards at checkout.
• Title: The text shown for the payment during checkout and on the Order Received page.
• Description: The text shown under the gateway’s title during checkout. Limited HTML is allowed. If you enable test mode, this section will also display a notice along with test credit card numbers.
• Card Verification (CSC): Require customers to enter their card security/verification codes when checking out.
• Transaction Type: Controls how transactions are submitted to CyberSource. Select “Charge” to automatically capture payments. If you select “Authorization”, you must manually capture and settle payments in your CyberSource account or on the WooCommerce orders screen after the transaction has been submitted. This defaults to “Charge”.
• Charge Virtual-Only Orders: If Transaction Type is set to “Authorization”, enable this to automatically capture charges for orders with only virtual products. For downloadable products, this will grant downloads access right away.
• Capture Paid Orders: If Transaction Type is set to “Authorization”, enable this to automatically capture charges when orders move to a paid status.
• Accepted Card Logos: Determines which card logos are displayed during checkout. This has no impact on which cards are accepted by your merchant account.
• Tokenization: Let customers save their payment methods for future use at checkout. This is required for Subscriptions or Pre-Orders.
• Tokenization Profile ID: The Token Management Server profile ID, which CyberSource can provide for you.
• Detailed Decline Messages: Display detailed messages to customers to provide reasoning for declines instead of a generic error message when possible. Click here to read more about detailed decline messages.
• Debug Mode: Enable when you’re having issues processing transactions. You can choose to log API requests directly on the checkout page, save them to the WooCommerce > Status > Logs page, or both. As a best practice, please do not enable this setting unless you’re having issues with the plugin.
• Environment: Switch between “Test” and “Production” credentials. Enable “Test” to send transactions to your CyberSource Test Account.
• Merchant ID: The ID assigned to you by CyberSource, which you use to log into the Business Center.
• API Key Detail: Follow the steps above to retrieve your API Key Detail.
• API Shared Secret Key: Follow the steps above to retrieve your API Shared Secret Key.
• Flex Microform: Enable to use this hosted payment form field to reduce your site’s PCI compliance burden.

eCheck Settings

• Enable / Disable: Allow customers to use this gateway to process eChecks at checkout.
• Title: The text shown for the payment during checkout and on the Order Received page.
• Description: The text shown under the gateway’s title during checkout. Limited HTML is allowed. If you enable test mode, this section will also display a notice along with test credit card numbers.
• Detailed Decline Messages: Display detailed messages to customers to provide reasoning for declines instead of a generic error message when possible. Click here to read more about detailed decline messages.
• Debug Mode: Enable when you’re having issues processing transactions. You can choose to log API requests directly on the checkout page, save them to the WooCommerce > Status > Logs page, or both. As a best practice, please do not enable this setting unless you’re having issues with the plugin.
• Environment: Switch between “Test” and “Production” credentials. Enable “Test” to send transactions to your CyberSource Test Account.
• Share connection settings: If using the credit card and eCheck gateways, select this setting to share credentials between the gateways so you don’t need to enter and maintain them in two locations.
• Merchant ID: The ID assigned to you by CyberSource, which you use to log into the Business Center.
• API Key Detail: Follow the steps above to retrieve your API Key Detail.
• API Shared Secret Key: Follow the steps above to retrieve your API Shared Secret Key.
• Check Number Field: Decide whether to display the Check Number field at checkout and if it should be required.
• Authorization: Display an authorization message during the checkout process.
• Authorization Message: If Authorization is enabled, enter the message you want to show to your customers. You can use the following merge tags:
  • {merchant_name}: Your store name
  • {order_date}: Date of purchase
  • {order_total}: Total order value

Managing Orders

As a site administrator, you can use the WooCommerce CyberSource gateway to manually capture charges and automatically refund/void transactions as needed.

Capture Charges

If the Transaction Type setting is set to “Authorization”, you can manually capture these payments from the WooCommerce Orders page. Click here to read more about capturing charges.

Automatic Refunds

You can process refunds directly in WooCommerce without needing to log into your CyberSource account. Click here to read more about issuing automatic refunds from WooCommerce.

Void Transactions

You can void transactions directly in WooCommerce in the following circumstances:

• If your Transaction Type setting is set to “Authorization”, you can void when the transaction has been authorized but not yet captured.
• If your Transaction Type setting is set to “Charge”, you can void when the transaction has not yet been settled (e.g. funds haven’t been transferred from the customer’s account to your CyberSource account).

CyberSource does not accept partial voids. If a transaction is no longer eligible to be voided, you must refund the order. Click here to read more about voiding transactions in WooCommerce.

Gateway Features

Your customers can take advantage of the following features when your site uses WooCommerce CyberSource.

Saving Payment Methods

Customers can save payment methods during the checkout process or from their My Account area. This lets them quickly select payment details during future checkouts and also lets your site support Subscriptions and Pre-Orders.

Enhanced Checkout Form

CyberSource supports an enhanced checkout form that improves the checkout experience on mobile and desktop devices. Click here to read about the enhanced payment form. You can also enable the Flex Microform setting to further reduce your site’s PCI compliance burden by using CyberSource hosted fields.

Frequently Asked Questions

Q: How can I perform test transactions to ensure that the gateway is setup properly?
A: To perform test transactions, first set the plugin in the “Test” environment. Then, submit an order with a valid billing address and the following payment information:

• Card Number: 4111111111111111
• Card Type: VISA
• Expiration Date: Enter any future date
• Card Security Code: Enter any three-digit string (e.g. 123)

Click here to view all test card numbers provided by CyberSource.

Q: CyberSource supports Apple Pay for web payments. Can I use this in my store?
A: CyberSource contains a framework for Apple Pay, but it can only be enabled by developers, as the certification process requires developer-only tools. If you work with a developer and would like to add Apple Pay to your store, please click here to review the setup instructions and requirements. Please note that configuring Apple Pay support for this plugin is considered a customization and is not covered by our support policy.

Troubleshooting

Having trouble? Follow these steps to make sure everything is setup correctly before posting a support request:

• Please ensure that your site meets the plugin requirements.
• Check the FAQs to see if they address your question.
• Confirm that your credentials are correct.
• Enable the Debug Mode setting and review the errors codes/messages provided by CyberSource. Click here to learn more about CyberSource error/response codes. Sometimes more detailed error information/messages can be found by logging into your CyberSource Business Center and viewing transaction reports. In some cases, such as a transaction being held for review or declined, the plugin cannot change the issue and it must be resolved in your CyberSource account. If the error code indicates an issue with the plugin, please submit a support ticket and include the logs to help us troubleshoot.