CyberSource, a Visa solution, is a leading payment provider used by merchants to enable global payment processing and management. CyberSource users can add the CyberSource plug-in to the Elastic Path Payments framework to handle credit card payment processing and tokenization.
Cardholder data is sent directly to the CyberSource payment gateway and is returned as a vault (payment) token to the Payments framework. A vault token is a generated number which represents the cardholder data in the Payments framework. Cardholder data such as card number or Card Verification Value (CVV) code is never transmitted to Cortex or stored by Cortex. The token can be used for subsequent pre-authorization requests in place of the actual cardholder data.
CyberSource supports the following methods for credit card token acquisition. Select the method that suits your needs:
Direct Post: The store front-end hosts all cardholder data fields on the site and the browser posts the details directly to CyberSource.
Hosted Page: The store front-end redirects the shopper to the CyberSource page to collect the cardholder data.
Direct Post CyberSource Plug-in
The store front-end hosts all cardholder data fields and the browser posts the details of the fields directly to CyberSource. The cardholder data is collected on either a shopper’s profile or during the checkout process. After collection, Direct Post sends the form to CyberSource, which in return sends a token value to Cortex. The token value is posted to Cortex to create a payment instrument.
Client developers can build a payment form to collect the cardholder data. The page calls Cortex to retrieve the payment instructions. The results of the payment instructions contain values, including a signature,and are required for making calls to CyberSource. These values are posted to CyberSource which tokenizes the cardholder data.
CyberSource provides Cortex with instructions about how to create the payment instrument. There are two sections of data that return, the control data and the payload data. For more information, see Using the CyberSource Plug-in.
The Direct Post workflow when a shopper initiates the checkout process:
The storefront sends a message to Cortex to retrieve the billing address form resource and the email address form resource.
The storefront sends a message to CyberSource to retrieve the following:
- CyberSource Request Signer, to obtain the signature.
- CyberSource Secure Acceptance Checkout API, to obtain the vault token.
CyberSource sends the vault token to the storefront.
The storefront posts the vault token to Cortex.
Cortex sends the purchase form resource to trigger the purchase and receipt page to CyberSource.
Hosted Page CyberSource Plugin
You can use Hosted Page method of the CyberSource plug-in to redirect shoppers to the CyberSource-hosted payment page to enter credit card details.
Before the shopper gets the payment page, the page calls Cortex to retrieve payment instructions. The payment instructions result contains several values including a signature that must be posted to CyberSource when the shopper is redirected to the payment page.
Cardholder details can either be collected for association with the shopper’s profile for subsequent uses or during checkout. Any fields returned by payment instructions results must be posted directly to CyberSource, which renders a payment page. When the shopper enters the details, a token value posts back to the customer endpoint on the site. The token value is posted to Cortex to create the payment instrument.
The Hosted Page workflow when a shopper initiates the checkout process:
- The storefront sends a message to the CyberSource Request Signer to get a signature.
- The storefront sends a message to CyberSource Secure Acceptance Hosted Checkout API to display the CyberSource billing and payment details for the shopper.
- CyberSource sends a message to Cortex with the vault token to Cortex payment token form resource.