CyberSource Security Keys

• High Level Process

• Generate or Renew Security Keys

• Additional Renewal Information

• Submit Security Keys to Paymetric

The CyberSource platform requires one security key per Merchant ID per environment for authentication purposes. This requirements applies to both Payments and Fraud Services. So, if a Merchant is using the CyberSource Fraud Services only and processing payments through another processor, this topic is still applicable.

The security keys are text string (.txt) files that are valid for approximately three years once created or renewed.

CyberSource provides Clients with the ability to create or renew their security keys via a website. This topic provides instructions on how to generate and renew keys via the CyberSource website and how to submit the keys to Paymetric.

High Level Process

The following high level steps outline the process for creating and submitting CyberSource Security Keys:

1. Customer creates CyberSource security keys for QA and Production environments for each Merchant ID using CyberSource Business Center.

2. Customer uses Merchant Portal to submit the CyberSource security keys to Paymetric.

Generate or Renew Security Keys

Access the appropriate CyberSource URL to review your security keys. If you have questions or need assistance with this step, contact your CyberSource relationship manager or agent.

Additional Renewal Information

It is important that the security key remains up-to-date. Review the following information regarding renewals.

• CyberSource notifies the authorized, named contact(s) well in advance of expiration of the CyberSource Security Keys. Reminders are also sent at given intervals. Be sure your contacts are up to date with CyberSource so the correct individuals are notified.

• It is the Client's responsibility to obtain or renew the CyberSource Security Key file(s) - based on instructions furnished by CyberSource, and provide them to Paymetric in a timely manner in order to configure the security key(s) in the appropriate servers. Failure to do so will result in a production-down situation.

Authorization and Settlement requests will fail if the CyberSource security key configured at Paymetric has expired. The failed transactions in XiPay will be flagged with message CybsErr, which is visible in the XiPay WebGUI transaction details. See the following screenshot for an example of the error.

The security keys need to be provided to Paymetric in a timely manner in order to update the appropriate XIID configuration. Failure to do so, will result a in a production-down situation.

Submit Security Keys to Paymetric

1. If you are an appropriate Merchant Portal user (i.e., Portal Admin, Approving Manager), then upload the CyberSource security key text file in Merchant Portal (https://ondemand.paymetric.com).

2. Once logged in, go to Settings > XiPay, and select the appropriate XiPay environment. Perform the following steps to upload your security key.

3. Either add new Payment Configuration or select an existing one to edit.

   

4. On the Setup tab, locate the Security Key field, and click browse. Note there will separate key upload options for QA and Production.

5. Navigate to the appropriate text file, select and click Open.

6. Save the setup.

7. Perform the following sub-steps to submit the Onboarding request in Merchant Portal.

   1. Go to Settings > Services > Onboarding.

   2. On the Onboarding page, expand the appropriate environment section (QA or Production).

   3. On the Notes tab, enter reason for Onboarding request.

   4. Click the XiPay tab, and select the XIID to be processed.

   5. Under Summary of Request on the right side of the page, click Request Setup.

8. Once you have completed step 5, and support processes your request, you will receive an email notification of completion.

9. Upon receipt of email notification, you should complete testing in both QA and Production environments to ensure continued service and prevent any service down-time.