web
You’re offline. This is a read only version of the page.
close

What can we help you with?

ISV Plugins - Shopify Plug-in Migration

Details for migration from legacy native Shopify ISV connection for transaction processing to the new Shopify managed (CYBS developed) plug-in.


KA-04247


37

03/20/2026 16:41 PM

2.3

Introduction

This article covers Shopify plugin-specific behaviors and expectations for processing, including refunds, payments, charges, and limits. This information applies specifically to the Cybersource Shopify plugin. For general information on payment limits for sales, refunds, authorizations, and credits, refer to Payments - Processor Limits for Sales/Refunds.

Shopify is enhancing its payment platforms and processing functionality and will be decommissioning their existing integration to Cybersource. In response, Cybersource has developed a new app using the updated Shopify framework. This article provides information to help you plan for this change. Your Shopify Administrator will need to make the changes to your Shopify account, but the process is quick and easy.

Overview

This new application allows for a quick and easy connection between Shopify's platform, CyberSource, and your online store. If your business depends on CyberSource for payment processing, you can depend on this application.

Understanding Supported Features

Transaction Types

  • Authorization (Authorize Only)
  • Sale (Auth and Capture)
  • Capture (Capture Only)
  • Void (Reversal)
  • Refund (Credit)
    • If the transaction is settled, a partial refund is allowed.
    • A partial refund is not supported for non-settled transactions. In this case, the transaction will be voided for the full amount.
    • Transactions processed on the legacy app will need to be refunded through the legacy app; however, this will be managed seamlessly by Shopify. Merchants can continue processing transactions as normal. Refunds can be processed through the legacy integration up to six months after the merchant has migrated to the new app.

Payment Methods

  • Card Brands
    • Visa
    • Mastercard
    • American Express (AMEX)
    • Discover
    • Diners
    • JCB
  • Apple Pay
  • Google Pay
  • Subscriptions: Support for Shopify's subscription framework has been added as part of a commitment to enhancing the integration in line with Shopify's extended functionality.

Payment Capture Options

  • Auto-Capture
  • Delayed Capture
  • Partial Capture
  • Manual Capture

Completing the Migration

The migration process involves installing and activating the new application.

A video walkthrough is available showing the process of switching from the legacy integration to the new CyberSource app.

Best Practices

  • Before initiating the migration process, each merchant using the classic checkout must update to the latest Shopify checkout. Only merchants on checkout extensibility (the new checkout) will be able to onboard the new CyberSource payment apps.
  • Proceed with the installation of the new application during a non-peak time when you are not experiencing high traffic on your site.
  • Migrate early in the week during normal business hours in case support assistance is needed.

Refunds are not currently working for scenarios where there have been multi-captures. CyberSource is working on a fix for this. If you need to process a refund in this scenario, use the Business Center.

Migration Steps

  1. Access the CyberSource app in the Shopify App Store and select Install.
  2. Log in with your Shopify admin credentials.
  3. Once in your Shopify account, select Install.
  4. Navigate to the CyberSource Business Center where you will log in, accept the Onboarding Agreement, and enable 3-D Secure (3DS) if required.
  5. Select the card brands you accept (based on your existing CyberSource and Shopify processing) and select Activate in the lower right corner. Apple Pay and Google Pay can be enabled after selecting Activate.
  6. Manage your migrated application by logging in to your Shopify admin account and navigating to Settings > Payments > Manage.
    1. Save any changes made to implement them.
    2. Make Payment Capture Method changes by selecting Manage in that section.

Frequently Asked Questions

If you update in time, there will be no changes for you and your shoppers. CyberSource recommends taking action as soon as possible. The legacy CyberSource payment gateway via Shopify will be decommissioned in the future. If you do not update by the end-of-life (EOL) date, your payment card option at checkout will disappear. Refunds will not be impacted by this change. You will still be able to process refunds after migrating to the new app.

  • Why has CyberSource built a new integration to Shopify?
    Shopify has re-architected their payment infrastructure and is requiring all payment partners to migrate to this new architecture (details here). CyberSource has aimed to ensure parity with the existing integration wherever possible. As part of the migration, some elements of the existing integration will change or will no longer be available. CyberSource is continuing to work with Shopify to limit as many changes as possible; however, some are outside of CyberSource's control.
  • How do I test the new integration before going to production?
    With the new Shopify architecture, it is not possible to dynamically switch between test and production environments, as CyberSource has distinct endpoints and access requirements. CyberSource has worked with Shopify to distribute a dedicated test application: https://apps.shopify.com/cybersource-cas
  • What are the known changes or gaps with the new integration?
    The following known changes and gaps exist with the new integration:
    • Transaction ID Visibility and Reporting: As part of the migration to the new Shopify Payment Provider Platform (PPP), Shopify identifiers are now the primary ID used throughout the Shopify platform. CyberSource is no longer able to return its Request ID to Shopify. The CyberSource Request ID remains available within the CyberSource Business Center if required. Additionally, Shopify does not share the Shopify order ID for payment apps to associate with the CyberSource order ID or order name. Shopify no longer allows new payment app integrations to set the authorization field on the Shopify order. As CyberSource values are no longer available within Shopify, they cannot be ingested into reporting and reconciliation applications. You will now need to reference the Shopify payment session ID within both Shopify and CyberSource.
    • Third-Party Applications: With all reference IDs changing, any third-party applications that interact with the integration will need to be updated to reference the new Shopify payment ID. For example, if you have an existing third-party application that fulfills orders and requests a capture, you can no longer capture based on the CyberSource Request ID. For further details on how third-party applications interact with the PPP, contact Shopify. This primarily affects subscription and order management/fulfillment applications; however, any application that has relied on the CyberSource Request ID is affected.
    • Accepted Payment Type Logos Are No Longer Visible on Checkout: This functionality is not currently supported within the new Shopify PPP architecture. To replicate this functionality, merchants can directly add the logos to their website experience.
    • Limited Fields Available for Fraud Manager Decisioning: CyberSource receives limited information for processing as part of the Shopify PPP APIs. As a result, the fields available for making fraud decisions are limited. CyberSource is working closely with Shopify to enhance the number of fields available. In the interim, merchants are required to review their fraud settings to ensure they can still make informed decisions with the available fields. CyberSource is also limited in the fields that can be returned (for example, Address Verification Service (AVS) and Card Verification Number (CVN) response data). Providing these details to Shopify will not be possible until the Shopify platform is updated to allow for the additional fields.
    • Unable to Manage Fraud Review Flows: Although historically unsupported, CyberSource is aware of merchants using third-party applications or manually updating the Shopify platform with fraud review actions. This will no longer be possible with the new integration. Merchants are currently limited to a 15-minute window to act on fraud-reviewed transactions. CyberSource recommends that merchants use an Accept/Reject model for payments originating from Shopify until Shopify extends the time period. CyberSource is working with Shopify to increase the 15-minute window.
  • What are the current timelines for migration?
    Shopify would like merchants to be migrated in 2025. Any official or further deadlines will be communicated directly to merchants per the agreements made.
  • How can I match transactions from Shopify to CyberSource?
    When a transaction is created, a Shopify payment ID is generated and stored against the specific order within the Shopify Admin Panel. To find this value, access the specific order and expand the section labeled "...Payment was processed on CyberSource." An additional section for "information from the gateway" will display the value. Within CyberSource, you can view the Shopify payment ID, which is mapped to the merchant reference number field within Business Center screens and reports.
  • I am currently using 3-D Secure (3DS) directly with credentials provided by Shopify (through Cardinal). How will this work going forward?
    CyberSource has worked with Cardinal Commerce to ensure that merchants are onboarded to the joint 3DS platform. Merchants are still required to be boarded to a CyberSource Cardinal profile that supports Payer Authentication. Before testing transactions, verify a successful migration by checking within Payment Configuration > Payer Authentication Configuration and confirming that credentials are stored.

Glossary

  • 3DS - 3-D Secure: An authentication protocol designed to provide an additional layer of security for online card transactions.
  • AMEX - American Express: A card brand supported by the CyberSource Shopify integration.
  • AVS - Address Verification Service: A service used to verify the billing address of a credit card holder.
  • CVN - Card Verification Number: A security feature for card-not-present transactions.
  • EOL - End of Life: The date after which the legacy CyberSource Shopify integration will no longer be supported.
  • JCB - Japan Credit Bureau: A card brand supported by the CyberSource Shopify integration.
  • PPP - Payment Provider Platform: Shopify's updated payment infrastructure framework that all payment partners are required to migrate to.

Additional Resources

©2024-2025



Was this article helpful?


Articles Recommended for You