We have an implemention using a very old Cybersource API. We store card info on our servers. We make auths for customer-initiated online purchases during the day, then settle/charge them all in a job the next day. We're trying to fulfill the Visa COF mandates and getting no help from Cybersource.
For our API, the docs describing the mandate say that recording a card for the first time should include sending a "subsequent_auth_first" flag. All subsequent auths on that card, made using stored card info, should include a "subsequent_auth_stored_credential" flag.
1. We have thousands of cards already on file being used for repeat purchases. None of them have ever been submitted with a "subsequent_auth_first" flag. Are we supposed to send a "subsequent_auth_first" for each of them one time, then "subsequent_auth_stored_credential" for all auths after that? Or is "subsequent_auth_first" reserved for the first time you actually capture and store the card info, so we should just send "subsequent_auth_stored_credential" every time for all of them?
2. When capturing card info for the first time, it's always done with an auth, which is then settled the next day. In this case we need to send "subsequent_auth_first" for that first auth. Do we also have to send it for the first settlement the next day? Or should the first settlement transaction use "subsequent_auth_stored_credential"?
Thank you and I can answer any questions if this is confusing.
We have an expert team that manages questions specific to CyberSource. Please reach out to the CyberSource team directly.
After meeting with CyberSource, we have come to learn that VDP generated Merchant ID’s will experience an unresolvable gateway issue.
The EBC error message: The payment processor gateway name is either invalid or missing
Currently, the only method to properly query the CyberCource Payments sandbox is creating a merchant account directly with CyberSource:
Luckily, their site also provides an easy to use method to test their account credentials:
Additionally, here are the following links for sample code: https://github.com/CyberSource/cybersource-rest-samples-java/blob/master/src/main/java/samples/payme...
Hi Diana. Thank you for your quick response. However, I was under the impression this is not a Cybersource-specific question, and the COF mandate is being imposed by Visa. I may have confused things by including Cybersource fieldnames like "subsequent_auth_first"; they correspond to the POS environment codes in the COF mandate. I'll try to rephrase the questions, and please tell me if I'm misguided.
1. The mandate requires we identify for every transaction whether it's the first time auth, or it's a subsequent auth. We have thousands of past cards already on file being used for repeat purchases.
For a card we've already used in the past, the NEXT time we use it, do we need to send that first-time-authed code? Or just send the subsequent-auth code for the next auth? (Our guess is no, just send the subsequent-auth code for all auth transactions.)
2. We make several auths during the day, then settle them all the next day. Does the first-time-authed code (or subsequent-auth code) need to be submitted in the settlement transactions? Or just the auths? (Our guess is no, use the codes only in auths, not settlements.)
Thanks again for any help. We've had a ticket open with Cybersource for several weeks and no one there can answer the questions 🙂
Can you please confirm which API product you are using for your project app that your questions are referring to?
I won't be able to assist you with your CyberSource Payments question because we have an expert team that manages questions specific to CyberSource. Please contact CyberSource directly using the information provided to you below.