CyberSource Security Update for India Merchants Only – SSL certificate replacement (Action Required)
Subscribe
Update - Scheduled maintenance is still in progress. We will provide updates as necessary.
Sep 19, 2024 - 20:53 UTC
Sep 19, 2024 - 20:53 UTC
In progress - Scheduled maintenance is currently in progress. We will provide updates as necessary.
Sep 13, 2024 - 20:01 UTC
Sep 13, 2024 - 20:01 UTC
Scheduled - Dear Valued Customer
What is happening:
To uphold the maximum levels of security and compliance in both your browser-based and server-to-server interactions with the CyberSource platform, we are transitioning all CyberSource endpoint SSL/TLS certificates from Entrust to DigiCert. These SSL/TLS certificates, originally issued by Entrust, will now be issued by DigiCert to fortify these communication channels.
This requires that all merchants who use CyberSource endpoint URLs to integrate the newly issued Root and Intermediate (CA) SSL certificates from DigiCert into their systems. This must be done in both the TEST/CAS and Production environments prior to the scheduled revocation dates listed below.
CyberSource will also generate server-level (leaf) SSL certificates. However, it is recommended that merchants trust only the Root and Intermediate CA SSL certificates on all secure endpoints. This method avoids the annual necessity to renew the server-level certificate.
Why is CyberSource taking action:
The utmost priority for CyberSource is to maintain secure and compliant communication channels across all of its endpoint URLs. Additionally, Google has planned to revoke Entrust certificates on its Chrome platform by October 30, 2024. This decision will also affect CyberSource clients who access our endpoints through the Chrome browser.
When Cybersource will revoke Entrust Certificates:
Cybersource is planning to revoke Entrust SSL certificates on the following dates:
CAS/TEST environment: Completed on August 16th, 2024 Starting time 4:00GMT (August 15th, 2024 21:00PDT)
Production environment (Shock Test)*: September 25th, 2024 Start Time: 4:00GMT End Time: 6:00GMT
Production environment: October 29th, 2024 Starting time 16:00GMT
*A "Shock" test will be done by migrating our Cybersource endpoints from Entrust to DigiCert SSL root and intermediate (CA) certificates for a short period during the day and then roll the change back. The purpose of the shock test is to provide the merchant the option to validate their connection and the chance to make adjustments to become compatible with our security update.
Action Required:
Merchants using Cybersource endpoints should coordinate with their network team or hosting/solution provider to implement all necessary measures to ensure their connections to Cybersource properties follow industry standards. This includes updating their systems with the new Root and Intermediate (CA) SSL certificates, which correspond to the specific Cybersource endpoint they use.
We strongly urge you to test your implementation in the CAS/TEST environment as soon as Cybersource releases DigiCert new SSL certificates on August 15th, 2024. Testing in the Production environment won't be possible before the Production release date. Therefore, it's imperative to ensure your system is prepared by conducting all necessary tests in the CAS/TEST environment.
Please take note: Do not revoke or remove any of your existing Entrust certificates linked with Cybersource endpoints before the scheduled dates mentioned above. Until the cut-off dates, the only supported certificates will be the Entrust SSL certificates. You may add the new certificates to your system and verify their functionality in the CAS/TEST environment.
Here is a list of Cybersource URLs that require immediate attention:
CAS/TEST URLs:
accountupdatertest.cybersource.com
apitest.cybersource.com
batchtest.cybersource.com
api.accountupdatertest.cybersource.com
ics2wstest.ic3.com
ics2wstesta.ic3.com
Production URLs:
ics2ws.in.ic3.com
api.in.cybersource.com
batch.in.cybersource.com
Root and Intermediate (CA) Certificates of the impacted Cybersource endpoints can be found in the below Knowledgebase article:
https://support.visaacceptance.com/knowledgebase/Knowledgearticle/?code=KA-05544
If your application requires trusting of certificates at the server (leaf) level, you must install (trust) the new certificates prior to expiration of existing certificates in order to avoid any production impact. The link to the Server-Level (leaf) SSL certificate can be found in the below Knowledgebase article:
https://support.visaacceptance.com/knowledgebase/knowledgearticle/?code=000003572
Please contact your Customer Support representatives for any questions you may have about this change.
Thank You,
CyberSource Customer Support
Sep 13, 2024 20:00 - Oct 29, 2024 16:00 UTC
What is happening:
To uphold the maximum levels of security and compliance in both your browser-based and server-to-server interactions with the CyberSource platform, we are transitioning all CyberSource endpoint SSL/TLS certificates from Entrust to DigiCert. These SSL/TLS certificates, originally issued by Entrust, will now be issued by DigiCert to fortify these communication channels.
This requires that all merchants who use CyberSource endpoint URLs to integrate the newly issued Root and Intermediate (CA) SSL certificates from DigiCert into their systems. This must be done in both the TEST/CAS and Production environments prior to the scheduled revocation dates listed below.
CyberSource will also generate server-level (leaf) SSL certificates. However, it is recommended that merchants trust only the Root and Intermediate CA SSL certificates on all secure endpoints. This method avoids the annual necessity to renew the server-level certificate.
Why is CyberSource taking action:
The utmost priority for CyberSource is to maintain secure and compliant communication channels across all of its endpoint URLs. Additionally, Google has planned to revoke Entrust certificates on its Chrome platform by October 30, 2024. This decision will also affect CyberSource clients who access our endpoints through the Chrome browser.
When Cybersource will revoke Entrust Certificates:
Cybersource is planning to revoke Entrust SSL certificates on the following dates:
CAS/TEST environment: Completed on August 16th, 2024 Starting time 4:00GMT (August 15th, 2024 21:00PDT)
Production environment (Shock Test)*: September 25th, 2024 Start Time: 4:00GMT End Time: 6:00GMT
Production environment: October 29th, 2024 Starting time 16:00GMT
*A "Shock" test will be done by migrating our Cybersource endpoints from Entrust to DigiCert SSL root and intermediate (CA) certificates for a short period during the day and then roll the change back. The purpose of the shock test is to provide the merchant the option to validate their connection and the chance to make adjustments to become compatible with our security update.
Action Required:
Merchants using Cybersource endpoints should coordinate with their network team or hosting/solution provider to implement all necessary measures to ensure their connections to Cybersource properties follow industry standards. This includes updating their systems with the new Root and Intermediate (CA) SSL certificates, which correspond to the specific Cybersource endpoint they use.
We strongly urge you to test your implementation in the CAS/TEST environment as soon as Cybersource releases DigiCert new SSL certificates on August 15th, 2024. Testing in the Production environment won't be possible before the Production release date. Therefore, it's imperative to ensure your system is prepared by conducting all necessary tests in the CAS/TEST environment.
Please take note: Do not revoke or remove any of your existing Entrust certificates linked with Cybersource endpoints before the scheduled dates mentioned above. Until the cut-off dates, the only supported certificates will be the Entrust SSL certificates. You may add the new certificates to your system and verify their functionality in the CAS/TEST environment.
Here is a list of Cybersource URLs that require immediate attention:
CAS/TEST URLs:
accountupdatertest.cybersource.com
apitest.cybersource.com
batchtest.cybersource.com
api.accountupdatertest.cybersource.com
ics2wstest.ic3.com
ics2wstesta.ic3.com
Production URLs:
ics2ws.in.ic3.com
api.in.cybersource.com
batch.in.cybersource.com
Root and Intermediate (CA) Certificates of the impacted Cybersource endpoints can be found in the below Knowledgebase article:
https://support.visaacceptance.com/knowledgebase/Knowledgearticle/?code=KA-05544
If your application requires trusting of certificates at the server (leaf) level, you must install (trust) the new certificates prior to expiration of existing certificates in order to avoid any production impact. The link to the Server-Level (leaf) SSL certificate can be found in the below Knowledgebase article:
https://support.visaacceptance.com/knowledgebase/knowledgearticle/?code=000003572
Please contact your Customer Support representatives for any questions you may have about this change.
Thank You,
CyberSource Customer Support
Sep 13, 2024 20:00 - Oct 29, 2024 16:00 UTC
In progress - Scheduled maintenance is currently in progress. We will provide updates as necessary.
Sep 13, 2024 - 20:00 UTC
Sep 13, 2024 - 20:00 UTC
Update - We will be undergoing scheduled maintenance during this time.
Sep 13, 2024 20:00 - Oct 29, 2024 16:00 UTC
Sep 13, 2024 20:00 - Oct 29, 2024 16:00 UTC
Scheduled - Dear Valued Customer
What is happening:
To uphold the maximum levels of security and compliance in both your browser-based and server-to-server interactions with the CyberSource platform, we are transitioning all CyberSource endpoint SSL/TLS certificates from Entrust to DigiCert. These SSL/TLS certificates, originally issued by Entrust, will now be issued by DigiCert to fortify these communication channels.
This requires that all merchants who use CyberSource endpoint URLs to integrate the newly-issued Root and Intermediate (CA) SSL certificates from DigiCert into their systems. This must be done in both the TEST/CAS and Production environments prior to the scheduled revocation dates listed below.
CyberSource will also generate server-level (leaf) SSL certificates. However, it is recommended that merchants trust only the Root and Intermediate CA SSL certificates on all secure endpoints. This method avoids the annual necessity to renew the server-level certificate.
Why is CyberSource taking action:
The utmost priority for CyberSource is to maintain secure and compliant communication channels across all of its endpoint URLs. Additionally, Google has planned to revoke Entrust certificates on its Chrome platform by October 30, 2024. This decision will also affect CyberSource clients who access our endpoints through the Chrome browser.
When Cybersource will revoke Entrust Certificates:
Cybersource is planning to revoke Entrust SSL certificates on the following dates:
CAS/TEST environment: Completed on August 16th, 2024 Starting time 4:00GMT (August 15th, 2024 21:00PDT)
Production environment (Shock Test)*: September 24th, 2024 Start Time: 16:00GMT End Time: 18:00GMT
Production environment: October 29th, 2024 Starting time 16:00GMT
*A "Shock" test will be done by migrating our Cybersource endpoints from Entrust to DigiCert SSL root and intermediate (CA) certificates for a short period during the day and then roll the change back. The purpose of the shock test is to provide the merchant the option to validate their connection and the chance to make adjustments to become compatible with our security update.
Action Required:
Merchants using Cybersource endpoints should coordinate with their network team or hosting/solution provider to implement all necessary measures to ensure their connections to Cybersource properties follow industry standards. This includes updating their systems with the new Root and Intermediate (CA) SSL certificates, which correspond to the specific Cybersource endpoint they use.
We strongly urge you to test your implementation in the CAS/TEST environment as soon as Cybersource releases DigiCert new SSL certificates on August 15th, 2024. Testing in the Production environment won't be possible before the Production release date. Therefore, it's imperative to ensure your system is prepared by conducting all necessary tests in the CAS/TEST environment.
Please take note: Do not revoke or remove any of your existing Entrust certificates linked with Cybersource endpoints before the scheduled dates mentioned above. Until the cut-off dates, the only supported certificates will be the Entrust SSL certificates. You may add the new certificates to your system and verify their functionality in the CAS/TEST environment.
Here is a list of Cybersource URLs that require immediate attention:
CAS/TEST URLs:
accountupdatertest.cybersource.com
apitest.cybersource.com
batchtest.cybersource.com
api.accountupdatertest.cybersource.com
ics2wstest.ic3.com
ics2wstesta.ic3.com
Production URLs:
accountupdater.cybersource.com
api.cybersource.com
batch.cybersource.com
api.accountupdater.cybersource.com
ics2ws.ic3.com
ics2wsa.ic3.com
Root and Intermediate (CA) Certificates of the impacted Cybersource endpoints can be found in the below Knowledgebase article:
https://support.visaacceptance.com/knowledgebase/Knowledgearticle/?code=KA-05544
If your application requires trusting of certificates at the server (leaf) level, you must install (trust) the new certificates prior to expiration of existing certificates in order to avoid any production impact. The link to the Server-Level (leaf) SSL certificate can be found in the below Knowledgebase article:
https://support.visaacceptance.com/knowledgebase/knowledgearticle/?code=000003572
Please contact your Customer Support representatives for any questions you may have about this change.
Thank You,
CyberSource Customer Support
Sep 13, 2024 20:00 - Oct 29, 2024 16:00 UTC
What is happening:
To uphold the maximum levels of security and compliance in both your browser-based and server-to-server interactions with the CyberSource platform, we are transitioning all CyberSource endpoint SSL/TLS certificates from Entrust to DigiCert. These SSL/TLS certificates, originally issued by Entrust, will now be issued by DigiCert to fortify these communication channels.
This requires that all merchants who use CyberSource endpoint URLs to integrate the newly-issued Root and Intermediate (CA) SSL certificates from DigiCert into their systems. This must be done in both the TEST/CAS and Production environments prior to the scheduled revocation dates listed below.
CyberSource will also generate server-level (leaf) SSL certificates. However, it is recommended that merchants trust only the Root and Intermediate CA SSL certificates on all secure endpoints. This method avoids the annual necessity to renew the server-level certificate.
Why is CyberSource taking action:
The utmost priority for CyberSource is to maintain secure and compliant communication channels across all of its endpoint URLs. Additionally, Google has planned to revoke Entrust certificates on its Chrome platform by October 30, 2024. This decision will also affect CyberSource clients who access our endpoints through the Chrome browser.
When Cybersource will revoke Entrust Certificates:
Cybersource is planning to revoke Entrust SSL certificates on the following dates:
CAS/TEST environment: Completed on August 16th, 2024 Starting time 4:00GMT (August 15th, 2024 21:00PDT)
Production environment (Shock Test)*: September 24th, 2024 Start Time: 16:00GMT End Time: 18:00GMT
Production environment: October 29th, 2024 Starting time 16:00GMT
*A "Shock" test will be done by migrating our Cybersource endpoints from Entrust to DigiCert SSL root and intermediate (CA) certificates for a short period during the day and then roll the change back. The purpose of the shock test is to provide the merchant the option to validate their connection and the chance to make adjustments to become compatible with our security update.
Action Required:
Merchants using Cybersource endpoints should coordinate with their network team or hosting/solution provider to implement all necessary measures to ensure their connections to Cybersource properties follow industry standards. This includes updating their systems with the new Root and Intermediate (CA) SSL certificates, which correspond to the specific Cybersource endpoint they use.
We strongly urge you to test your implementation in the CAS/TEST environment as soon as Cybersource releases DigiCert new SSL certificates on August 15th, 2024. Testing in the Production environment won't be possible before the Production release date. Therefore, it's imperative to ensure your system is prepared by conducting all necessary tests in the CAS/TEST environment.
Please take note: Do not revoke or remove any of your existing Entrust certificates linked with Cybersource endpoints before the scheduled dates mentioned above. Until the cut-off dates, the only supported certificates will be the Entrust SSL certificates. You may add the new certificates to your system and verify their functionality in the CAS/TEST environment.
Here is a list of Cybersource URLs that require immediate attention:
CAS/TEST URLs:
accountupdatertest.cybersource.com
apitest.cybersource.com
batchtest.cybersource.com
api.accountupdatertest.cybersource.com
ics2wstest.ic3.com
ics2wstesta.ic3.com
Production URLs:
accountupdater.cybersource.com
api.cybersource.com
batch.cybersource.com
api.accountupdater.cybersource.com
ics2ws.ic3.com
ics2wsa.ic3.com
Root and Intermediate (CA) Certificates of the impacted Cybersource endpoints can be found in the below Knowledgebase article:
https://support.visaacceptance.com/knowledgebase/Knowledgearticle/?code=KA-05544
If your application requires trusting of certificates at the server (leaf) level, you must install (trust) the new certificates prior to expiration of existing certificates in order to avoid any production impact. The link to the Server-Level (leaf) SSL certificate can be found in the below Knowledgebase article:
https://support.visaacceptance.com/knowledgebase/knowledgearticle/?code=000003572
Please contact your Customer Support representatives for any questions you may have about this change.
Thank You,
CyberSource Customer Support
Sep 13, 2024 20:00 - Oct 29, 2024 16:00 UTC
About This Site
We use this page to communicate service availability and status for Cybersource. Subscribe to get real-time updates via Email, SMS.
For more information on our Status Page and how to use it, see our support article: Status Page
API Connection/Endpoints
?
Under Maintenance
Flex
Operational
Rest API
Under Maintenance
SCMP
Operational
Secure Acceptance
Operational
Simple Order API
Under Maintenance
SOAP Toolkit
Under Maintenance
Webhooks
Operational
Corporate and Support Web Sites
?
Operational
Corporate Site
?
Operational
Developer Center
?
Operational
Status Page
?
Operational
Support Center
?
Operational
Payment Gateway Processing
Operational
Ahli United Bank in Bahrain
?
Operational
AIB Merchant Services (AIBMS)
?
Operational
American Express Direct
?
Operational
Bambora (Payworks)
?
Operational
Bank of America Merchant Services on OmniPay Direct
?
Operational
Barclaycard HISO (Payworks)
?
Operational
Barclays Merchant Services
?
Operational
Barclays Merchant Services (HISO)
?
Operational
Cardnet International on OmniPay Direct
?
Operational
Chase Paymentech Solutions
?
Operational
China UnionPay
?
Operational
Cielo
?
Operational
Citibank India
?
Operational
Comercio Latino
?
Operational
Concardis (Payworks)
?
Operational
Credit Mutuel-CIC
?
Operational
Cybersource Latin American Processing
?
Operational
eCheck/ACH
?
Operational
Elavon
?
Operational
Elavon Americas
?
Operational
Elavon (Payworks)
?
Operational
FDC Compass
?
Operational
FDC Germany
?
Operational
FDC Nashville Global
?
Operational
FDI Australia
?
Operational
FDMS Nashville
?
Operational
FDMS South
?
Operational
Fexco DCC (Payworks)
?
Operational
First Data Merchant Solutions(Europe) on OmniPay Direct
?
Operational
French Gateways
?
Operational
Getneton Software Express
?
Operational
Global Payments Greenhouse South Authorization Platform
?
Operational
Global Payments International Acquiring on OmniPay Direct
?
Operational
Global Payments North America (GPN)
?
Operational
Global Payments Omnipay (Payworks)
?
Operational
Global Payments UCP (Payworks)
?
Operational
HBoS
?
Operational
RuPay
?
Operational
HSBC
?
Operational
Ingenico ePayments
?
Operational
JCN Gateway
?
Operational
Lloyds-OmniPay
?
Operational
LloydsTSB Cardnet
?
Operational
Lynk
?
Operational
Moneris
?
Operational
PayEase China
?
Operational
Prosa
?
Operational
RBS WorldPay Atlanta
?
Operational
Rede
?
Operational
Saudi Payments
?
Operational
Six
?
Operational
Software Express (Getnet)
?
Operational
Streamline
?
Operational
TeleCheck
?
Operational
TSYS Acquiring Solutions
?
Operational
UATP
?
Operational
Vero
?
Operational
Visa Platform Connect (VPC) Gateways
?
Operational
Worldpay VAP
?
Operational
Payment Services
Operational
Account Updater
?
Operational
Alternative Payments
?
Operational
Acceptance Devices
Operational
Customer Invoicing
?
Operational
Digital Payments
?
Operational
Dynamic Currency Conversion
Operational
Payment Services
Operational
Payouts
Operational
Recurring Billing
?
Operational
Secure Storage
Operational
Tax
?
Operational
Tokenization (TMS)
Operational
Unified Checkout
Operational
Wells Fargo Service Fee
Operational
Portals
?
Operational
Access/Login - Business Center
?
Operational
Analytics - Business Center
Operational
Batch/File Upload - Business Center
Operational
Case Management Search - Business Center
Operational
Portfolio Management - Business Center
Operational
Reports - Business Center
Operational
Transaction Search - Business Center
Operational
Virtual Terminal - Business Center
Operational
Acceptance Devices - Business Center
?
Operational
Risk
Operational
Account Take Over Protection
Operational
Bin Lookup
Operational
Decision Manager (DM)
Operational
Fraud Management Essentials
Operational
List Manager
Operational
Partner Risk Controls
Operational
Payer Authentication Processing
Operational
Third Party Applications
?
Operational
Sandbox/Testing Environment
?
Operational
API Connection/Endpoints
?
Operational
Payment Gateway Processing
Operational
Payment Services
Operational
Portals
?
Operational
Settlement/Batching
Operational
Settlement/Batching
?
Operational
Ahli United Bank in Bahrain
?
Operational
AIB Merchant Services (AIBMS)
?
Operational
American Express Direct
?
Operational
Bank of America Merchant Services on OmniPay Direct
?
Operational
Barclaycard HISO (Payworks)
?
Operational
Barclays Merchant Services
?
Operational
Cardnet International on OmniPay Direct
?
Operational
Chase Paymentech Solutions
?
Operational
China UnionPay
?
Operational
Cielo
?
Operational
Comercio Latino
?
Operational
Citibank India
?
Operational
Credit Mutuel-CIC
?
Operational
Cybersource Latin American Processing
?
Operational
eCheck/ACH
?
Operational
Elavon
?
Operational
Elavon Americas
?
Operational
Elavon (Payworks)
?
Operational
FDC Compass
?
Operational
FDC Germany
?
Operational
FDC Nashville Global
?
Operational
FDI Australia
?
Operational
FDMS Nashville
?
Operational
FDMS South
?
Operational
First Data Merchant Solutions(Europe) on OmniPay Direct
?
Operational
French Gateways
?
Operational
Getneton Software Express
?
Operational
Global Payments Greenhouse South Authorization Platform
?
Operational
Global Payments International Acquiring on OmniPay Direct
?
Operational
Global Payments North America (GPN)
?
Operational
Global Payments Omnipay (Payworks)
?
Operational
HBoS
?
Operational
RuPay
?
Operational
HSBC
?
Operational
Ingenico ePayments
?
Operational
JCN Gateway
?
Operational
Lloyds-OmniPay
?
Operational
LloydsTSB Cardnet
?
Operational
Lynk
?
Operational
Moneris
?
Operational
PayEase China
?
Operational
Prosa
?
Operational
RBS WorldPay Atlanta
?
Operational
Rede
?
Operational
Saudi Payments
?
Operational
Six
?
Operational
Software Express (Getnet)
?
Operational
Streamline
?
Operational
TeleCheck
?
Operational
TSYS Acquiring Solutions
?
Operational
UATP
?
Operational
Vero
?
Operational
Visa Platform Connect (VPC) Gateways
?
Operational
Worldpay VAP
?
Operational
Barclays Merchant Services (HISO)
?
Operational
Operational
Degraded Performance
Partial Outage
Major Outage
Maintenance