Views:

Migration Details for the Cybersource Shopify Plugin

Shopify is enhancing its payment platforms and processing functionality and will be decommissioning their existing integration to Cybersource. In response, Cybersource has developed a new App using the updated Shopify framework. This article provides information to help you plan for this change. The changes to your Shopify account will need to be made by your Shopify Administrator, but the process will be quick and easy.

 

Overview

This new application allows for a quick and easy connection between Shopify’s platform, Cybersource, and your online store. If your business depends on Cybersource for payment processing, you can depend on this application.

 

Features supported in New Integration

Transaction Types

  • Authorization (Authorize Only) 
  • Sale (Auth & Capture) 
  • Capture (Capture Only) 
  • Void (Reversal) 
  • Refund (Credit) 
    • If the transaction is settled, then a partial refund is allowed. 
    • A partial refund is not supported for non-settled transactions. In this case it will void the transaction for the full amount. 
    • Transactions processed on the legacy app will need to be refunded through the legacy app, however this will be managed seamlessly by Shopify; merchants can carry on processing transactions as normal. Refunds can be processed through the legacy integration up to 6 months after the merchant has migrated to the new app.

Payment Methods

  • Card Brands 
    • Visa 
    • MasterCard 
    • AMEX 
    • Discover 
    • Diners 
    • JCB
  • Apple Pay
  • Google Pay 
  • Subscriptions: As part of a commitment to enhancing the integration in line with Shopify's extended functionality we have added support for Shopify's subscription framework.

Payment Capture Options

  • Auto-Capture
  • Delayed Capture
  • Partial Capture
  • Manual Capture
 

Steps/ Best Practices for the Migration

The migration process involves installing and activating the new application.

In addition to the steps below, we have a video showing the process of switching from the legacy integration to the new Cybersource App.

Best Practices

  • Before initiating the migration process, each merchant utilizing the classic checkout must update to the latest Shopify checkout. Only those merchants on checkout extensibility (the new checkout) will be able to onboard the new Cybersource Payment apps. 
  • It is recommended to proceed with the installation of the new application during a non-peak time when you are not experiencing high traffic on your site.  
  • It is in your best interest to migrate early in the week during normal business hours in case of needed support assistance.  

Please note that refunds are not currently working for scenarios where there has been multi-captures.  We are working on the fix for this.  If you need to refund in this scenario, please use the Business Center.

Migration Steps

  1. Access the Cybersource app in the Shopify App Store and select Install.
  2. Log in with your Shopify admin credentials.
    A screenshot of a computer<br><br>Description automatically generated
  3. Once in your Shopify Account, select Install.
  4. You will be redirected to the Cybersource Business Center where you will log in and accept the Onboarding Agreement and enable 3D Secure if required.
  5. You will be redirected back to Shopify to select the card brands you accept (based on your existing Cybersource and Shopify processing) and select Activate in the lower right corner. Apple Pay and Google Pay can be enabled after selecting Activate.
  6. You can further manage your migrated application by logging into your Shopify admin account by navigating to Settings > Payments > Manage
    1. Any Changes made will need to be saved to be implemented.
    2. Payment Capture Method changes can be made by selecting Manage in that section
      A screenshot of a payment method<br><br>Description automatically generated
 

Impact of the Migration FAQ

If you update in time, there will be no changes for the you and your shoppers, however Cybersource recommends you should take action as soon as possible. The legacy Cybersource payment gateway via Shopify will be decommissioned in the future. If you do not update by the EOL date, your payment card option at checkout will disappear. Refunds will not be impacted by this change. You will still be able to process refunds after migrating to the new App.

1. Why has Cybersource built a new integration to Shopify?

Shopify have re-architectured their payment infrastructure and requiring all payment partners to migrate to this new architecture (Details here). We have aimed to ensure that we can provide parity with the existing integration wherever possible, however as part of the migration some elements of the existing integration will change or will no longer be available, we’re continuing to work with Shopify to limit as many changes as possible, however, some are unfortunately outside of our control.

2. How do I test the new integration before going to Production?

With the new Shopify architecture, it is not possible to dynamically switch between Test and Production as Cybersource has distinct endpoints and Access Requirements, with this in mind we have worked with Shopify to be able to distribute a dedicated test application:
https://apps.shopify.com/cybersource-cas

3. What are the known changes or gaps with the new integration?

  • Transaction ID Visibility and Reporting
    • As part of the migration to the new Shopify Payment Provider Platform, Shopify identifiers are now the primary ID utilized throughout the Shopify platform.  We are no longer able to return our RequestID to Shopify.  The Cybersource requestID remains available within the Cybersource Business Center if required.
    • As covered in this Shopify community discussion, Shopify doesn’t share the Shopify order ID for payment apps to be able to associate the Shopify order ID or order name with the Cybersource order ID. Additionally, Shopify no longer allows new payments app integrations to set the authorization field on the Shopify order.  
    • As Cybersource values are no longer available within Shopify, they cannot be ingested in to reporting and reconciliation applications, therefore they will now need to reference the Shopify payment session ID both within Shopify and Cybersource
  • 3rd Party Applications 
    • With all reference ID's changing, any 3rd party applications which interact with our integration will need to be updated to reference the new Shopify payment ID. i.e. If you have an existing 3rd party application which fulfils orders and requests a capture, you can no longer capture based on the Cybersource request ID. For further details on how 3rd party applications should interact with the Payment Provider Platform, the merchant should contact Shopify.  This primarily affects subscription and order management/fulfilment applications, however any application that has relied on the Cybersource request ID is affected.
  • Accepted Payment Type Logos are No Longer Visible on Checkout
    • This functionality is not currently supported within the new Shopify Payment Provider Platform architecture. In order to mimic this functionality, merchants can directly add the logos to their website experience.  
  • Limited Fields Available for Fraud Manager Decisioning
    • Cybersource receives limited information for processing as part of the Shopify Payment Provider Platform API's, therefore we are now limited on the fields that can be used for making fraud decisions. Cybersource is working closely with Shopify to enhance the number of fields, however in the interim merchants will be required to review their fraud settings to ensure they are still able to make informed decisions with the available fields. Additionally, Cybersource is now limited in the fields that can be returned (i.e. AVS and CVN response data). Cybersource is aware that some merchants use this detail for minor fraud. Providing these details to Shopify will no longer be possible until the Shopify platform is updated to allow for the additional fields.
  • Unable to Manage Fraud Review Flows
    • Although historically unsupported, we're aware of merchants using 3rd party applications or manually updating the Shopify platform with fraud review actions. You will no longer be able to do so with the new integration. Merchants are currently limited to a 15-minute window to action on fraud-reviewed transactions.  
    • Cybersource recommends that merchants use an Accept/ Reject model for payments originating from Shopify until Shopify can suitably extend the time period. We are working with Shopify to increase the 15-minute window going forward

4. What are the current timelines for migration?

Shopify would like merchants to be migrated in 2025. Any official or further deadlines will be communicated directly to merchants as per the agreements made.  

5. How can I match transactions from Shopify to Cybersource now?

When a transaction is created, a Shopify payment ID is generated and stored against the specific order within the Shopify Admin Panel. In order to find this value, access the specific order and expand the section noted "...Payment was processed on Cybersource". There will be an additional section for "information from the gateway" where the value can be seen. Within Cybersource, you can view the Shopify payment ID which is mapped to the merchant reference number field within Business Center screens and reports.

6. I am currently using 3D-Secure directly with credentials provided by Shopify (through Cardinal). How will this work going forward?

Cybersource has worked with Cardinal Commerce to ensure that merchants are onboarded to our joint 3D-Secure platform. It is still a requirement that merchants are boarded to a Cybersource Cardinal Profile that supports Payer Authentication. Before testing transactions you can ensure you have been successfully migrated by checking within the Payment Configuration > Payer Authentication Configuration page and ensuring that you have credentials stored.