These release notes apply to the ICS test and production servers.
CyberSource added support for a new processing gateway to Lloyds-OmniPay. This new gateway supports airline data processing. For information about the features that are supported for this gateway, see the Credit Card Services Implementation Guide and the Airline Data Addendum.
In requests that include a card type field, CyberSource strongly recommends that you send the card type even if it is optional for your processor. Omitting the card type can cause the transaction to be processed with the wrong card type.
Merchant-defined data fields are in the APIs for subscriptions and customer profiles. In the Simple Order API, these fields are named merchantDefinedData_field1 through 4. In the SCMP API, these fields are named merchant_defined_data1 through 4.
Merchant-defined data fields are not intended to and MUST NOT be used to capture personally identifying information. Accordingly, merchants are prohibited from capturing, obtaining, and/or transmitting any personally identifying information in or via the merchant-defined data fields. Personally identifying information includes, but is not limited to, name, address, credit card number, social security number, driver's license number, state-issued identification number, passport number, and card verification numbers (CVV, CVC2, CVV2, CID, CVN). In the event CyberSource discovers that a merchant is capturing and/or transmitting personally identifying information via the merchant-defined data fields, whether or not intentionally, CyberSource WILL immediately suspend the merchant's account, which will result in a rejection of any and all transaction requests submitted by the merchant after the point of suspension.
It is always the responsibility of the developer who is using the API to make sure that the data being sent to CyberSource is complete (no missing fields) and correct (no invalid data). This should be accomplished by performing edit checks of data entered from web sites and point of sale applications before sending information to CyberSource. Nonetheless, as an aid to developers, if a service request is issued with missing or invalid information, you will receive a reason code stating this as well as one or more reply fields named invalidField_0...N or missingField_0...N, which list the fields that need to be corrected. For example, if a request is missing three fields, you will receive at least one and up to three reply fields named missingField_0, missingField_1 and missingField_2. The circumstances that determine how many fields are returned and what they contain depend on the services being called and the nature of the missing or invalid information. Furthermore, API behavior with respect to these reply fields is always subject to change. Please note that for these reasons, no attempt should be made to use these fields for customer communication. They are included in the API only as an aid to software developers.
Version 1.23 of the Simple Order API has been released. For information about what has changed, see the Simple Order API Release Notes, which are available on the Support Center.