Integration with CyberSource
The OroCommerce and CyberSource integration facilitates the exchange of crucial data between the two platforms during the payment process. CyberSource acts as the payment gateway, handling secure payment processing, fraud detection, and payment authorization.
This integration is currently supported up to version 5.0 LTS.
Supported CyberSource Services
OroCommerce supports integration with various CyberSource services to facilitate secure and efficient payment processing within the B2B eCommerce platform. Below are some common CyberSource services that OroCommerce may support or integrate with:
- Payment Processing: OroCommerce can integrate with CyberSource’s core payment processing services, enabling customers to make payments using mainstream credit and debit cards.
- Secure Acceptance: CyberSource Secure Acceptance is a service that enables secure online payment acceptance without the need to handle sensitive payment data on your server. OroCommerce can leverage this service to enhance security during payment transactions.
- Tokenization: CyberSource Tokenization provides a way to store sensitive payment data securely by replacing it with a token. This token can be used for future transactions without storing actual card information. OroCommerce may integrate with this service to improve the handling of customer payment data.
The integration between OroCommerce and CyberSource involves exchanging key data elements to enable effective communication, payment processing, and accurate information for customers and merchants.
|Data Passed from OroCommerce to CyberSource:|
|Order ID||A unique identifier for the order within OroCommerce.|
|Order Total||The total amount of the order that the customer needs to pay.|
|Customer Details||Name, contact information, and shipping address.|
|Customer Account||Information related to the customer’s OroCommerce account.|
|Payment Amount||The specific amount to be charged for the transaction.|
|Payment Method||The chosen payment method, such as credit card, debit card, etc.|
|Payment Token||A secure token representing the customer’s payment information.|
|Secure Token||A secure token generated by CyberSource for secure payment processing.|
|Transaction Details||Including amount, currency, payment method, and customer information.|
|Data Passed from CyberSource to OroCommerce:|
|Transaction Status||The result of the payment authorization (approved, declined, etc.).|
|Authorization Code||A unique code provided by CyberSource for successful authorization.|
|Transaction ID||A unique identifier for the transaction within CyberSource.|
|Tokenization Status||Whether the payment data was successfully tokenized for future use.|
|Real-time Transaction Updates||Notifications regarding changes in transaction status, such as capturing, voiding, or refunding a payment.|
OroCommerce and CyberSource implement security measures to ensure payment integrations are secure, protect customer data, prevent fraud, and maintain payment confidentiality and integrity.
OroCommerce Security Measures:
- Data Encryption: OroCommerce employs encryption protocols (such as SSL/TLS) to encrypt data transmitted between the customer’s browser and the server, ensuring that sensitive information remains confidential during transit.
- Payment Tokenization: OroCommerce can use payment tokenization to replace sensitive payment data (like credit card numbers) with secure tokens. This reduces the exposure of sensitive data and enhances security.
- User Authentication: OroCommerce implements user authentication and authorization mechanisms to ensure only authorized personnel can access the administration panel and sensitive payment-related settings.
- Regular Security Updates: OroCommerce regularly releases updates and patches to address any security vulnerabilities, ensuring the platform is protected against known threats.
- PCI DSS Compliance: OroCommerce follows the Payment Card Industry Data Security Standard (PCI DSS) requirements to handle payment card data securely.
CyberSource Security Measures:
- PCI DSS Compliance: CyberSource is certified as a Level 1 PCI DSS service provider, which means it adheres to strict security standards for handling payment card data.
- Secure Payment Pages: CyberSource provides secure payment pages hosted on their servers, reducing the merchant’s exposure to sensitive payment data.
- Tokenization: CyberSource offers tokenization services that replace payment card data with tokens, ensuring that sensitive information is not stored on the merchant’s servers.
- Fraud Prevention: CyberSource provides robust fraud prevention tools that use advanced algorithms and machine learning to detect and prevent fraudulent transactions.
- Strong Authentication: CyberSource supports 3D Secure and other strong authentication methods to ensure that the person making the payment is the authorized cardholder.
- Transaction Monitoring: CyberSource monitors transactions in real-time for suspicious activities, allowing merchants to respond promptly to any potential security threats.
- Encryption: CyberSource uses encryption to protect data in transit and at rest, minimizing the risk of unauthorized access.