Server Release Notes for July 27, 2005

These release notes apply to the ICS test and production servers.

Advanced Fraud Screen and Decision Manager

Many changes have been made that are common to Advanced Fraud Screen and Decision Manager:

Purchase Frequency is now referred to as Global Velocity.

You can receive these new information codes:

  • Address: NEG-WARN, UNV-ADDR
  • Global Velocity: VEL-ADDR, VEL-NAME
  • Suspicious Information: RISK-SD, RISK-T

The Merchant Impact Report is a new report available to merchants who are signed up for the Advanced CyberSource package. This monthly report shows how your transactions will appear when evaluated against the future risk model. The report that you receive is specific to your merchant ID and is divided into two sections: review rates and factor code distribution. To receive this report, contact your CyberSource Technical Account Manager.

The review rates for Advanced Fraud Screen have been updated.

For more information, see the Advanced Fraud Screen and Decision Manager Implementation Guides, which are available on the Support Center.

Decision Manager: Merchant-Specific Velocity

Merchant-specific velocity is now available in the Enterprise Business Center. These tests helps you reduce fraud and enforce your distribution rules by accessing transaction details specific to your business.

CyberSource has created default order velocity rules that are available to all users. These rules help you determine whether the order should be accepted, rejected, or suspended for review. In addition, if you are an Advanced Edition user, you can create and modify as needed a comprehensive number of rules that take into consideration your business structure and products, as well as the current market and fraud trends.

You can use these tests either before authorization (early processing) or after authorization.

For more information, see the Decision Manager Implementation Guide appropriate for your implementation and the Decision Manager Tutorials. All the documentation is available on the Support Center.

Decision Manager: New API Fields for Both Standard and Advanced Editions

These fields for the SCMP API have been added to both editions of Decision Manager to support merchant-specific velocity:

  • decision_early_rcode
  • decision_rcode
  • decision_rflag
  • decision_rmsg
  • decision_velocity_ info

If you use the Simple Order API, you can see the equivalent information in the Enterprise Business Center transaction search details page.

For more information, see the Decision Manager Implementation Guide appropriate for your implementation and the Decision Manager Tutorials. All the documentation is available on the Support Center.

Decision Manager: Fields for Advanced Edition Only

Advanced Edition users: transaction day of week and transaction time of day are new API fields in the condition editor. You can use these fields to create custom business and profile selector rules.

For more information, see the Decision Manager Implementation Guide appropriate for your implementation and the Decision Manager Tutorials. All the documentation is available on the Support Center.

Payer Authentication

A reply field has been added to the guide: payerAuthEnrollReply_ proofXML (Simple Order API) or pa_enroll_proofxml (SCMP API). This field applies to non-US-issued cards and contains data that Visa may require as proof of enrollment checking for non-enrolled Visa transactions that you re-present because of a chargeback.

For more information, see the Payer Authentication Implementation Guide, which is available on the Support Center.

Verification Services and Export Compliance

CyberSource has updated the definition of the API field export_address_operator (SCMP API) and exportService_addressOperator (Simple Order API). CyberSource attempts to match against as much information as the Denied Parties List (DPL) and the transaction contain. These fields now use three operators:

  • AND: By default, Export Compliance detects a match only if the DPL includes the customer's name or company and the customer's address. However, if an entry contains only a name, this entry will match any address. This option is the most useful because it returns the fewest false-positive matches.
  • OR: You can use this value if you want the service to detect a match of the customer's name or company or of the address.
  • IGNORE: You can use this value if you want the service to detect a match only of the customer's name or company but not of the address. However, the automatic blocked countries check is still performed.

For more information, see the Verification Services Implementation Guide, which is available on the Support Center.

Credit Card Services: Level II and Level III with Citibank Global

If you are using Citibank Global as your processor, you may now process Level II and Level III transactions. For more information, contact your CyberSource Technical Account Manager.

Credit Card Services: Airline Data with American Express Brighton

If you are using American Express Brighton as your processor, and you are providing airline data in your capture and credit requests, you have a new optional API field for providing a booking reference number for the transaction. If you are using the Simple Order API, the field is airlineData_bookingReference. If you are using the SCMP API, the field is airline_booking_reference. You can send up to 15 alphanumeric characters in the field.

Global Payment Service: Bank Transfer Refunds in Spain

If you are processing bank transfers in Spain through CyberSource's Global Payment Service, when you process a bank transfer refund, you must now provide the bank name in the request to avoid the request being rejected by the bank. If you are using the Simple Order API, the API field is bankInfo_name. If you are using the SCMP API, the API field is bank_name. For more information, see the Global Payment Service Developer's Guide, which is available on the Support Center.

Global Payment Service: Use of e-commerce Indicator

If you are processing Carte Bleue transactions through CyberSource's Global Payment Service, you may now indicate when a Carte Bleue transaction is an internet, mail order/telephone order (MOTO), or recurring transaction. If you are using the Simple Order API, set the ccAuthService_commerceIndicator field to one of these values: internet, moto, or recurring. If you are using the SCMP API, set the e_commerce_indicator field.

If you do not include the e-commerce indicator field at all in the authorization request, CyberSource will not send a value indicating the type of transaction to the processor (Global Collect). Global Collect will instead use the default value they have stored for you in their system.

A recurring transaction cannot include a CV number. If you send an authorization request that indicates a recurring transaction, and you include the CV number in the request, CyberSource will reject the request for invalid data.

Simple Order API (formerly the Web Services API)

Version 1.15 of the Simple Order API has been released. For information about what has changed, see the Simple Order API Release Notes, which are available on the Support Center