Post Incident Report - Cybersource Unified Checkout Failed Token Creation - INC25679539
Post Incident Report - Cybersource Unified Checkout Failed Token Creation - INC25679539
KA-10723
16
05/22/2026 00:01 AM
1.0
Incident Date/Time
Start: 21 May 2026 10:30 GMT
End: 21 May 2026 18:14 GMT
Description of Issue
On 21 May 2026 at 10:30 GMT, Cybersource identified an issue in the post-authorization flow that blocked token creation requests after a recent software release. As a result, authorizations succeeded without generating token IDs, impacting merchants using Unified Checkout. No direct authorization transaction failures were reported.
Impact
Unified Checkout was failing to return reusable tokens. Authorizations still succeed, but merchants that relied on token storage for future transactions were impacted.
Root Cause
The incident originated from an internal system issue resulting from a recent code deployment to the Cybersource platform. A configuration error associated with a software update to the Unified Checkout service led to the inability to generate new payment tokens following transaction authorization. The configuration issue was not discovered during pre-production testing.
Mitigating and Preventative Actions
To mitigate, Cybersource support teams initiated a rollback on the software update responsible for token creation failure which restored normal service.
To help prevent future recurrence, Cybersource plans to:
This was tracked and investigated under incident INC25679539 and EPS-38148.
Start: 21 May 2026 10:30 GMT
End: 21 May 2026 18:14 GMT
Description of Issue
On 21 May 2026 at 10:30 GMT, Cybersource identified an issue in the post-authorization flow that blocked token creation requests after a recent software release. As a result, authorizations succeeded without generating token IDs, impacting merchants using Unified Checkout. No direct authorization transaction failures were reported.
Impact
Unified Checkout was failing to return reusable tokens. Authorizations still succeed, but merchants that relied on token storage for future transactions were impacted.
Root Cause
The incident originated from an internal system issue resulting from a recent code deployment to the Cybersource platform. A configuration error associated with a software update to the Unified Checkout service led to the inability to generate new payment tokens following transaction authorization. The configuration issue was not discovered during pre-production testing.
Mitigating and Preventative Actions
To mitigate, Cybersource support teams initiated a rollback on the software update responsible for token creation failure which restored normal service.
To help prevent future recurrence, Cybersource plans to:
- Enhance pre-release testing and validation especially for tokenization and post-authorization processes
- Implement additional safeguards for changes affecting critical services such as token generation
- Upgrade monitoring and alerting for token creation and related services
This was tracked and investigated under incident INC25679539 and EPS-38148.
Post Incident Report - Cybersource Unified Checkout Failed Token Creation - INC25679539.pdf
Was this article helpful?
Articles Recommended for You