February 2015
Oracle® Retail Open Commerce Platform OCP/CyberSource Integration Implementation Guide,
Release 6.0.1
Note: The rebranding for the latest version of this documentation set is in development as part of post
MICROS acquisition activities. References to former MICROS product names may exist throughout this
existing documentation set.
Primary Author:
Contributors:
This software and related documentation are provided under a license agreement containing
restrictions on use and disclosure and are protected by intellectual property laws. Except as expressly
permitted in your license agreement or allowed by law, you may not use, copy, reproduce, translate,
broadcast, modify, license, transmit, distribute, exhibit, perform, publish, or display any part, in any
form, or by any means. Reverse engineering, disassembly, or decompilation of this software, unless
required by law for interoperability, is prohibited.
The information contained herein is subject to change without notice and is not warranted to be error-
free. If you find any errors, please report them to us in writing.
If this software or related documentation is delivered to the U.S. Government or anyone licensing it on
behalf of the U.S. Government, then the following notice is applicable:
U.S. GOVERNMENT END USERS: Oracle programs, including any operating system, integrated
software, any programs installed on the hardware, and/or documentation, delivered to U.S.
Government end users are "commercial computer software" pursuant to the applicable Federal
Acquisition Regulation and agency-specific supplemental regulations. As such, use, duplication,
disclosure, modification, and adaptation of the programs, including any operating system, integrated
software, any programs installed on the hardware, and/or documentation, shall be subject to license
terms and license restrictions applicable to the programs. No other rights are granted to the U.S.
Government.
This software or hardware is developed for general use in a variety of information management
applications. It is not developed or intended for use in any inherently dangerous applications, including
applications that may create a risk of personal injury. If you use this software or hardware in dangerous
applications, then you shall be responsible to take all appropriate fail-safe, backup, redundancy, and
other measures to ensure its safe use. Oracle Corporation and its affiliates disclaim any liability for any
damages caused by use of this software or hardware in dangerous applications.
Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be
trademarks of their respective owners.
Intel and Intel Xeon are trademarks or registered trademarks of Intel Corporation. All SPARC
trademarks are used under license and are trademarks or registered trademarks of SPARC
International, Inc. AMD, Opteron, the AMD logo, and the AMD Opteron logo are trademarks or
registered trademarks of Advanced Micro Devices. UNIX is a registered trademark of The Open Group.
This software or hardware and documentation may provide access to or information on content,
products, and services from third parties. Oracle Corporation and its affiliates are not responsible for
and expressly disclaim all warranties of any kind with respect to third-party content, products, and
services unless otherwise set forth in an applicable agreement between you and Oracle. Oracle
Corporation and its affiliates will not be responsible for any loss, costs, or damages incurred due to
your access to or use of third-party content, products, or services, except as set forth in an applicable
agreement between you and Oracle.
1. Introduction ................................................................................................................. 4
3. Implementation ........................................................................................................... 4
3.1. CyberSource Access.............................................................................................. 4
3.2. Determine Decision Manager Usage ..................................................................... 5
3.3. Site Parameter Configuration ................................................................................. 6
3.3.1. Enable CyberSource Payments ...................................................................... 7
3.3.2. Configure Security Keys .................................................................................. 7
3.3.3. Configure Merchant Identification .................................................................... 7
3.3.4. Configure Transaction Identifier ...................................................................... 8
3.3.5. Configure CyberSource Version ...................................................................... 9
3.3.6. Configure Production or Test Server ............................................................... 9
3.3.7. Configure Number of Authorization Retry Attempts ...................................... 10
3.3.8. Configure Logging ......................................................................................... 10
3.3.9. Configure Order Total Usage ........................................................................ 11
3.3.10. Configure Decision Manager Support ......................................................... 12
3.3.11. Configure Advanced Fraud Service Usage ................................................. 12
3.3.12. Configure CVC (Card Verification Code) Usage ......................................... 13
3.3.13. Configure AVS (Address Verification Service) Usage................................. 13
3.4. Error Message Configuration ............................................................................... 14
3.5. Conversion Detail Report Configuration .............................................................. 14
3.5.1. Decision Manager Status Update .................................................................. 14
3.6. Configure Batch Processes ................................................................................. 15
3.6.1. Reauthorization Process ............................................................................... 16
3.6.2. Settlement Process ....................................................................................... 16
3.7. Testing information............................................................................................... 16
3.7.1. Test Credit Cards .......................................................................................... 16
3.7.2. Test Scenarios ............................................................................................... 17
This document assumes that CyberSource is being implemented on a new product build based on OCP
version 5.1 or newer.
2.1. Initial Steps
As soon as there is a commitment to an OCP implementation and it is confirmed CyberSource is included:
• Obtain the proposal and contract documents to confirm details of the CyberSource implementation
and if it is base or includes additional enhancements.
Project Management:
• Create a ticket for Managed Services to have the firewall opened for access to CyberSource.
• Ensure the client has an account with CyberSource. Information on registering with CyberSource can
be found here: http://support.cybersource.com/cybskb/index?page=content&id=C887&actp=RSS.
• Determine if the client will be using Decision Manager.
3. IMPLEMENTATION
3.1. CyberSource Access
Create a Managed Services request to have the firewall opened for access to CyberSource.
Each parameter can be set by selecting either the parameter name or the parameter value. On the page that
appears, enter the new value for the parameter, then select “Save Parameter”.
The sections below describe the parameters and how their values should be set.
The “PAYMENTSERVICE.CC.CYBERSOURCE.ALLOWDECISIONMANAGERFORFRAUDCHECK”
parameter should be set to true” if CyberSource’s Decision Manager application is being used. When set to
“true”, the processing of the return values from authorization requests is modified to include Decision
Manager review as a valid return. Setting this to true does NOT tell CyberSource to use the Decision
Manager. Set the value to “false” if Decision Manager is not being used.
Decision Manager creates a report that details the transactions that have been accepted and rejected in it.
The OCP Decision Manager status update batch process reads in the report, and then processes the
transactions and the orders associated with them appropriately. When Decision Manager is being used, the
Decision Manager status update batch process needs to be scheduled and configured appropriately.
There are two different processes, one that runs on demand
(oms-decision-manager-update-status-ondemand.sh) and one that runs daily
(oms-decision-manager-update-status-daily.sh). Both processes share the same configuration file,
shell-decision-manager-status-update-config.xml. The environment variables for the conversion detail report
must be configured in order for these processes to run successfully. These variables should be set in the
site’s context.xml and the batch process’s configuration file. The variables are:
• cybersource.cdr.service.timezone should be set to the time zone of the location where the batch
process is being executed. The time zone should be in Greenwich Mean Time, i.e."GMT-04:00".
• cybersource.cdr.mail.to is defined in configuration files, but not used in OCP. It does not need to be
modified for a client.
• cybersource.cdr.mail.from is defined in configuration files, but not used in OCP. It does not need to
be modified for a client.
• cybersource.cdr.mail.subject is defined in configuration files, but not used in OCP. It does not need
to be modified for a client.
• mail.emailServer is defined in configuration files, but not used in OCP. It does not need to be
modified for a client.
Although not specific to CyberSource, the reauthorization process needs to be scheduled to run in order for
payments and settlements to work correctly. The reauthorization process attempts to get new authorizations
for authorizations that have expired, or authorizations that had communication errors on their initial
authorization attempt. The shell script for the reauthorization process is named oms-reauthorization.sh and
its configuration file is named shell-oms-reauthorization-config.xml.
3.6.2. Settlement Process
Although not specific to CyberSource, the settlement process needs to be scheduled to run in order for
settlements to be processed. The shell script for the settlement process is named oms-settlement.sh and the
configuration file is named shell-oms-settlement-config.xml.
The following credit card numbers can be used in testing. These are not real credit cards, but will
authorize as if they were. Never use a real credit card for testing purposes.
Maestro (UK Domestic) Issue number not required: 6759 4111 0000 0008
One-digit issue number required: 6759 5600 4500 5727 054
Two-digit issue number required: 5641 8211 1116 6669