CyberSource Decision Manager Application

CyberSource logo
Platforms: Legacy eCommerce, KCCP eCommerce and eCommerce+OMS

Cybersource's Decision Manager provides a fraud protection platform that features the World's Largest Fraud Detection Radar as well as a flexible rules engine that lets you customize rules to suit your business case. With Decision Manager, you can screen orders for risk in an effort to prevent fraud.

The Cybersource Decision Manager application integrates your Decision Manager account with your Kibo site so that orders you receive on your site are automatically screened by Decision Manager. Orders receive a fraud score and a validation result from Decision Manager that eCommerce uses to either accept, reject, or flag an order for further review.

Application Features

  • Automatically sends information about submitted orders to Decision Manager, including the shopper's browser type, IP address, device type, billing information, etc.
  • Validates orders against your Decision Manager rules to determine a fraud score and validation result.
  • Updates order status in  eCommerce to Accepted, Pending Review, or Cancelled based on Decision Manager validation results.
  • Syncs order status information with Decision Manager at scheduled intervals.
  • Avoids excessive overhead for low-value orders by allowing you to set a monetary threshold below which orders are not screened for fraud.
  • Maps eCommerce data to Decision Manager to facilitate the creation of fraud detection rules based on fields such as a shopper's email address or payment type.
  • Complete a combined authorization and fraud validation check in one call from eCommerce to Decision Manager. In this scenario, if you capture a partial payment, Kibo will send the authorization and fraud validation check to Decision Manager. At this stage, the Decision Manager Application status is Review and the Kibo order status is Pending Review. Then, if you capture more of the payment with the same credit card, Kibo will NOT resend the fraud validation check to Decision Manager. For subsequent payment captures on the order, the Kibo status is Processing and the DM status is Accepted. This functionality requires set up on your tenant. Submit a Kibo Support ticket to request this functionality.

Install the App

For assistance installing the application, please reach out to your SI partner or Kibo's professional services and enablement team.

Configure the Application

To integrate your Decision Manager services with Kibo, review the configuration requirements to ensure you have everything you need to be successful before you begin, and then complete the steps in this section.

Configuration Requirements

  • The Cybersource Decision Manager application must be installed on your tenant.
  • You must have an active Decision Manager account.

Configuration Process

The following sections walk you through the configuration process for the Decision Manager App:

  1. Obtain Decision Manager Account Information
  2. Open the App Configuration Settings
  3. Add Your Decision Manager Account Credentials
  4. Configure Fraud Detection Settings
  5. (Optional) Configure Order Synching
  6. (Optional) Map Kibo eCommerce Fields to Custom Fraud Detection Rules

Obtain Decision Manager Account Information

Note your Decision Manager account credentials. You will enter these credentials in eCommerce.

  1. Log in to the Cybersource Business Center.
  2. Note the username and password that you use to log in to the Cybersource Business Center.
  3. Note your Account ID and Merchant ID.

    Example of an Account ID and Merchant ID in CyberSource

  4. Create and note a Transaction Security Key for the SOAP Toolkit API.

    Callout of the Transaction Security Keys link in the Account Management drop-down

    If you have already created this key but lost or forgotten it, you will have to generate a new key.

Open the App Configuration Settings

  1. In Admin, go to System > Customization > Applications.
  2. Click Cybersource Decision Manager.
  3. Click the Configuration link to open configuration settings.
  4. Go to the Settings tab.
  5. Fill in the fields described in the following sections and click Save.

Add Your Decision Manager Account Credentials

Example of account credentials and a transaction key in CyberSource settings Settings Tab: Account Credentials

1 Organization ID—Specifies whether to connect to the Cybersource Test Business Center or the Live Business Center. The Test Business Center simulates transactions, and is ideal for testing your app configuration. The Live Business Center processes real transactions. For Test, use 1snn5n9w. For Live, use k8vif92e.
2 Merchant ID—Your Decision Manager Merchant ID.
3 Transaction Key—The Transaction Security Key you created for the Decision Manager SOAP Toolkit API.

Configure Fraud Detection Settings

Example of fraud detection settingsSettings Tab: Fraud Detection Settings

4 Threshold Enabled—(Optional) Sets a monetary value below which orders are not sent to Decision Manager. You can use this setting to optimize performance for customers making low-value orders that do not carry significant fraud risk.


The Threshold Value only applies to the largest payment that is an enabled payment type (7) for fraud validation.

5 Cancel Order When Rejected in DM—(Optional) Specifies to automatically cancel orders in Kibo that are rejected by Decision Manager. If not enabled, orders rejected by Decision Manager are set to Pending Review. Cancelled orders cannot be reverted to a non-cancelled state.
6 Export Order Item Price as 0.00—(Optional) Specifies to export orders to Decision Manager with the price for individual line items set to 0.00. Selecting this option will make the total amount of the order 0.00 in Decision Manager. If you want to zero out line items but still see the full order amount in Decision Manager, you can add the Order Total as a custom mapping.
7 Select Payment Type—Specifies the payment types to check for fraud in Decision Manager. Kibo sends ONLY the payment types you select to Decision Manager. If you select multiple payment types, Kibo sends only the largest selected payment type applied to a given order to Decision Manager for screening.


The PayPal Express payment type is only supported for the legacy version of Kibo eCommerce PayPal, implemented through Kibo eCommerce Core 8 and earlier. If you are implementing PayPal support through the PayPal Express Certified Kibo eCommerce Application, Decision Manager does not check PayPal payments for potential fraud. Cybersource's current tooling requires a billing address with every order. PayPal Express obscures billing information for security reasons, so Kibo cannot provide it to Cybersource.

8 Environment—Specifies the Decision Manager environment to use for fraud checking. If you select Test, the application sends order information to Decision Manager's test site, where you can evaluate fraud detection rules in a sandbox setting. When you are satisfied with the rules you set in Decision Manager, choose Production to enable live fraud detection on your site.

(Optional) Configure Order Synching

Example of order synch frequency settingsSettings Tab: Order Synching

9 Order Synch Frequency—(Optional) Specifies how often Kibo queries Decision Manager for updates on orders. If you accept or reject an order in Decision Manager that is Pending Review in Kibo eCommerce, the order synch frequency determines how long it takes for the order status to update in Kibo eCommerce. If this option is Disabled, Kibo does not query Decision Manager, and you must manually process the order in Kibo eCommerce.


Balance the frequency at which you receive updates in Kibo with the amount of bandwidth you are comfortable using to send order sync queries from Kibo to Decision Manager.

10 User Name—The user name you use to log in to the Cybersource Business Center.
11 Password—The password you use to log in to the Cybersource Business Center.

Create Custom Rules

If you want to add to the rules that Decision Manager uses to screen an order for fraud risk, you can use the Cybersource Business Center to modify the existing rules or create new custom rules. To help you build custom rules, you can map eCommerce fields, such as email address and payment types, to available merchant-defined data (MDD) fields in Decision Manager. Afterwards, you can associate the MDD fields with custom fields in Decision Manager and use the custom fields in your fraud detection rules.

This step is not optional - at least one rule must exist in order for the transaction to go through the Decision Manager.

Create Custom Mappings from Kibo eCommerce

  1. Open the Decision Manager app configuration settings dialog.
  2. Go to the Custom Mapping tab.

    This tab only appears after you configure and save your account information on the Settings tab.

  3. Select the Merchant ID for the Cybersource account you are mapping.
  4. Click Add Custom Mapping and fill in the following fields:

    Example of custom mapping configurations

1 Merchant ID—The Decision Manager Merchant ID you selected on the previous page.
2 Domain—The type of eCommerce data you are mapping. The value you choose determines the options that appear in the Mozu Data menu.
3 Mozu Data—The specific order or customer data field from eCommerce. Once a field is mapped, it no longer appears in the list.
4 Cybersource Data—The Decision Manager merchant-defined data field to which you are mapping the Mozu Data. Only available fields appear in the list.
5 Include in Offer Details—Specifies whether to include the custom mapping as a column in the Decision Manager Offer Details table.
6 Offer Detail Value Column—Specifies which column in the Decision Manager Offer Details table displays the mapped data. If you select Price, the mapped data must be a decimal. SKU can display any data type.

Create Custom Fields in Decision Manager

After you create your mappings in eCommerce, you must log in to Decision Manager account and associate a custom field with a mapped merchant-defined data field. Creating this association is necessary because fraud detection rules don't access merchant-defined data fields directly.

For example, if you create a mapping in eCommerce that assigns a customer's email address to Merchant-Defined Data 7, complete the following steps to create the custom field in Decision Manager:

  1. Log in to the Cybersource Business Center.
  2. Go to Decision Manager > Configuration > Custom Fields.
  3. Click Add Custom Field.
  4. Select merchant_defined_data7 as the Order Element and give the field a logical name, such as Email.
  5. Click Save to create the field.

You can now go to Configuration > Custom Rules to create a new rule. In the Rule Conditions, your custom fields appear in the Order Element drop-down. For more information on creating custom rules and fields in Decision Manager, refer to the Decision Manager User Guide available through the Cybersource Business Center.

Add the Decision Manager Widget to Your Theme

For each fraud screen it performs, Decision Manager requires a device fingerprint that helps identify the computer or device from which an order originates. You must add the Decision Manager Widget, available on GitHub, to the checkout page of your eCommerce site(s) to capture each customer's device fingerprint and send it to Decision Manager.

The Mozu/Integration-DecisionManagerWidget repository is private. Contact Kibo Support with your GitHub username to request access to this repo.

Update Your Theme

  1. Clone or download the GitHub repository.
  2. Add or merge the files listed above.
  3. Run Grunt to build the theme.
  4. Upload the resulting ZIP file to Dev Center.
  5. Install the updated theme to the sandbox you’re working in.
  6. In Admin, go to Main > Content > Themes, right-click the new theme, and click Apply.

Add the Widget to Your Checkout Page

Note that you can only perform this step if you are using a Kibo site.

  1. In Admin, go to Content > Editor.
  2. In the Site tree, navigate to Templates > Checkout.
  3. Click Widgets at the top of the editor.
  4. Drag the DecisionManager Device Fingerprint widget to any dropzone on the checkout page. The widget is not visible to customers, so placement on the page is not important.

Enable the App

After configuration, enable the Cybersource Decision Manager application to apply its functionality to your tenant.

  1. In Admin, go to System > Customization > Applications.
  2. Click Cybersource Decision Manager Application.
  3. Click Enable App.

You can now preview Decision Manager functionality on your site.

Use the App

Once you have installed, configured, and enabled the Cybersource Decision Manager Application, the app automatically begins sending eCommerce orders to Decision Manager for fraud detection. The amount of work you must do to process orders depends on your app configuration. For example, in the most streamlined scenario (you enabled both an Order Synch Frequency and Cancel Order When Rejected in DM), you only have to process orders in Decision Manager.

Refer to the Application Logic section at the end of this document for a diagram of the order status change process.

When an order is sent to Decision Manager, the status of the order in Kibo changes to Pending Review. Decision Manager screens the order and attaches one of the following validation results: accept, review, or reject. If the validation result is review, further action is required in Decision Manager to either accept or reject the order.

Process Orders in Decision Manager

In Decision Manager, Kibo orders appear with their Kibo order number as the Merchant Reference Number. This makes it easy for users to locate the order in Decision Manager:

  1. Log in to Decision Manager and navigate to Case Management > Case Search in the left navigation menu.

    Callout of the Case Search link in CyberSource

  2. Use the Search Parameters to locate the order(S) that need processing. If you know the order number, you can search for it explicitly using the Field and value search.

    Example of CyberSource search parameters

  3. (Optional) If your search returns multiple results, click the order number in the Results table to view the Case Management Details.
  4. Review the order. Note that the Case Management Details list the order number as the Merchant Ref Number.

    Callout of a merchant reference number in CyberSource

  5. Process the order in Decision Manager as you normally would.

Process Orders in Kibo eCommerce

Automatic Order Processing

All orders are set to Pending Review when they are sent to Decision Manager. If you configured order synching, the Decision Manager App automatically updates the order status after a Decision Manager result is received.

Additionally, if the order was manually reviewed in Decision Manager, the reviewer name and comments from Decision Manager appear in the Orders module in Admin, on the Order Details tab:

Example of internal notes in order details

If you did not set up order synching, you must manually process the order in eCommerce to change its status.

The basic status mapping for auto updates is as follows:

Decision Manager Validation Result Kibo Order Status
accept Accepted
review Pending Review
reject Cancelled1

1 If you enabled Cancel Order When Rejected in DM in the app Configuration settings, an order that is rejected in Decision Manager is automatically moved to Cancelled in Kibo. If you did not enable Cancel Order When Rejected in DM, an order that is rejected in Decision Manager remains in Pending Review until you manually change the order status.

These status mappings apply regardless of whether the state change in Decision Manager is triggered manually by a fraud reviewer or automatically by a rule.

Refer to the Application Logic section at the end of this document for a diagram how order status is mapped from Decision Manager to Kibo.

Manual Order Processing

If you did not enable order synching, all orders sent to Decision Manager remain in Pending Review until you manually process them in Admin:

  1. In Admin, go to Main > Fulfillment > Orders.
  2. Locate the order and click the row to open the Orders editor.
  3. On the Order Details tab, locate Attributes.
  4. Use the Decision Manager Fraud Results to review the reasons the order is pending review.

    Example of CyberSource fraud results in order details

    1. Note whether Decision Manager accepted, rejected, or marked the order for further review.
    2. Consider fraud risk information such as the fraud score result (afsResult), risk factor codes (afsFactorCode), and reason code (ReasonCode). For example, in the preceding screenshot, you can determine that Decision Manager rejected the order due to a fraud score result that may be above your ignore threshold based on risk factor codes that include phone inconsistencies and high account usage.

      For help interpreting all the values listed in the Decision Manager results, refer to the Decision Manager Developer Guide: Using the Simple Order API available through the Cybersource Business Center.

  5. If you think the order is fraudulent, click Cancel Order. Otherwise, click Accept Order.

You can also use the Decision Manager website to accept or cancel orders pending review. If you update an order through the Decision Manager website, you see the update in Kibo in accordance with the order synchronization interval you set in the configuration settings.

Application Logic

This section provides decision trees to help illustrate how the Cybersource Decision Manager Application makes two key decisions:

  • (Figure 1) Whether send an order to Decision Manager for fraud detection.
  • (Figure 2) How to change the status of a Kibo order based on the fraud detection results.

The branches in each diagram depend on how you configure the app. Review the App Configuration Settings for additional context.

Perform Fraud Detection?

Chart determining when to perform fraud detectionFigure 1: Process for determining whether to send an order to Decision Manager for fraud detection.

Update Order Status?

Flow chart to determine when to update order statusFigure 2: Process for determining whether to update Kibo order status based on Decision Manager fraud result.