1. Documentation
  2. Plugins
  3. WooCommerce
  4. Extensions

WooCommerce CyberSource SA SOP Payment Gateway

Overview ↑ Back to top

Heads up! We’re retiring this plugin in favor of the WooCommerce CyberSource plugin with the latest features. Click here to learn more about this plugin.

CyberSource Secure Acceptance – Silent Order Post (SA SOP) is a credit card payment gateway that allows full customization of checkout, receipt and error pages, yet simplifies PCI compliance by posting credit card data directly to secure CyberSource servers. You can even accept eChecks in versions 2.0+.

This gateway uses the new Secure Acceptance Protocol for CyberSource to ensure that it’s updated and fully compliant with CyberSource requirements.

Looking for details on 3D Secure? See this FAQ entry.

Requirements ↑ Back to top

  • A CyberSource account (fees apply)
  • PHP 5.6+ (You can see this under WooCommerce > Status)
  • An SSL certificate on your site

Installation ↑ Back to top

  1. Download the extension from your dashboard
  2. Go to Plugins > Add New > Upload and select the ZIP file you just downloaded
  3. Click Install Now, and then Activate
  4. Click the Configure link and read the next section to learn how to setup and configure the plugin.

Setup ↑ Back to top

You must have an active gateway account with CyberSource in order to make use of this plugin. Once you have contacted CyberSource and set up an account with Silent Order Post/Hosted Order Page enabled, you will be able to configure the plugin.

Generate Access / Secret Key ↑ Back to top

CyberSource uses an access key and secret key to perform SOP transactions. If you want to perform test transactions, you’ll have to repeat these steps for your Test as well as Live accounts. Note that if you accepting eChecks you only need to perform these steps once, and simply enable eChecks in your CyberSource account. Both methods can use the same account credentials. To generate:

  1. Log in to CyberSource business center with the merchant id provided to you by CyberSource.
  2. Go to Tools & Settings > Secure Acceptance > Profiles, and click “Create New Profile” in the bottom right to create a payment profile.
    WooCommerce CyberSource View Profiles
    View Profiles
  3. Enter all profile details – Select “Silent Order Post” for the method – and click “Save”. Your profile id can be set to whatever you want (min 7 characters), but will be needed for the plugin settings page. Save this and enter it there.
    WooCommerce CyberSource new profile
  4. Now you’ll have to set up your Payment Methods – click on “Payment Settings”:
    WooCommerce CyberSource Payment Settings
    Payment Settings
  5. Click “Add / Edit Card Types” and select any cards for which you’ll be accepting payments. If you decided to accept eChecks, you should enable these as well.
    WooCommerce CyberSource Add paymetn methods
    Add Payment Methods
  6. Once you’ve added your card types and enabled eChecks (optional), you’ll need to add currencies you’ll accept. Click the pencil “edit” icon to add these currencies:
    WooCommerce Cyber Source Add currencies
    Add Currencies
  7. Save your Payment Settings when you’ve added Credit Card and eCheck currencies, then move on to Customer Response Pages.
    WooCommerce CyberSource set URLs
    Customer Response Page
  8. Enter the URL provided in the plugin settings page. This is most likely
    https://MYSTORE.com/?wc-api=WC_CyberSource_SA_SOP

    but may be different. Please ensure that you use https://.
    WooCommerce CyberSource Set URLs

  9. Save this and you can optionally move on to Customer Notifications and fill out the desired info (not required).
  10. Finally, move on to “Security”:
    WooCommerce CyberSource SA keys
  11. Click “Create New Key” to generate access / security keys for your profile.
    WooCommerce CyberSource Create New Keys
    Create New Keys
  12. Enter the name of your store / profile and click “Generate”:
    WooCommerce CyberSource Create a Key
    Create a Key
  13. You’ll now be provided with security and access keys. Copy them and save them on the plugin settings page, along iwth the profile id you set when you created your new profile.
    WooCommerce CyberSource security keys
    Copy Keys

Now you can finish up with plugin configuration. Remember, you must generate test credentials just like this, as you can’t use production credentials in your test environment.

Extension Settings ↑ Back to top

To configure the plugin, go to WooCommerce > Settings > Payments. You should see “CyberSource SA SOP” and “CyberSource SA SOP eCheck” as options at the top of the screen. Click CyberSource SA SOP to see the credit card settings.

CyberSource SA SOP Settings

  • Enable/Disable – Enable or disable the payment method.
  • Title – Lets you set the title of the gateway shown on the checkout.
  • Description – This is the text shown under the title during checkout. Limited HTML is allowed. If you enable test mode, this section will also display a notice along with test credit card numbers.
  • Card Verification – Enable this to display the Card Security Code (CV2) field on checkout.
  • Address Verification Service (AVS) – Enable this to perform an AVS check on customers’ billing addresses.
  • Transaction Type – This controls how transactions are submitted to CyberSource. You may choose either “Charge” or “Authorization”. If you select “Authorization”, you must manually capture and settle payments in your CyberSource control panel after the transaction has been submitted. This defaults to “Charge”. Not sure what this means? Check out this tutorial on Authorizing vs. Authorizing and Capturing.
  • Charge Virtual-Only Orders – (Shown if Transaction Type is set to “Authorization”) Enable this to force charges on order containing only virtual items so they’re captured immediately instead of authorized (for example, to grant download access right away)
    WooCommerce Authorize.Net AIM Virtual order charges
  • Accepted Card Logos – This controls the card logos that display during checkout. This is purely cosmetic and has no affect on the cards actually accepted by your merchant account. Ensure that you enable these cards in your CyberSource Business Center, under Tools & Settings > Secure Acceptance Profiles > Payment Settings.
  • Environment – Switch between “Test” and “Live” credentials. Enable “Test” to send transactions to your CyberSource Test Account. You must create a test account with CyberSource to use this.
  • Share connection settings – Enabling this will allow you to use connection/authentication settings between the credit card and eCheck gateways. If this is disabled, you’ll have to enter a new CyberSource Access Key and Secret Key for eCheck transactions.
  • Profile ID – This is the profile id you set for your payment profile. It can be found under Tools & Settings > Secure Acceptance Profiles > General Settings.
  • Access Key – The Access Key for your CyberSource Account. Follow the steps above to get this.
  • Secret Key – The Secret Key for your CyberSource Account. Follow the steps above to get this.
  • Transaction Response URL Configured – Check to confirm you’ve correctly entered the Response URL in your CyberSource account (using https://).
  • Fail on Review – Marks the order as failed when CyberSource decision is “REVIEW”. With this checked an order will be marked as failed in WooCommerce when the CyberSource decision is “REVIEW” (which can happen for instance with an incorrect CVN), allowing the customer to re-attempt payment. Unchecked, the order will be marked as “ON-HOLD” and may require you to take additional steps to settle the transaction in the CyberSource Business Center and complete the transaction.
  • Display SSL Seal – Display the “Digital Security by Entrust SSL” seal image on the Pay page. This is purely for customer information purposes and does not provide any additional security to the gateway.
  • Detailed Decline Messages – Enable to display detailed messages to customers to provide reasoning for declines when possible.
  • Debug Mode – Enable this to place the gateway in debug mode, which will output the full response from the CyberSource servers on the payment page, for debugging purposes. Be sure to disable this prior to going live. For best performance, please do not enable this unless you are having issues with the plugin.

CyberSource SA SOP eCheck Settings

  • Enable/Disable – Enable or disable the payment method.
  • Title – Lets you set the title of the gateway shown on the checkout.
  • Description – This is the text shown under the title during checkout. Limited HTML is allowed. If you enable test mode, this section will also display a notice along with test credit card numbers.
  • Environment – Switch between “Test” and “Live” credentials. Enable “Test” to send transactions to your CyberSource Test Account. You must create a test account with CyberSource to use this.
  • Share connection settings – Enabling this will allow you to use connection/authentication settings between the credit card and eCheck gateways. If this is disabled, you’ll have to enter a new CyberSource Access Key and Secret Key for eCheck transactions.
  • Profile ID – This is the profile id you set for your payment profile. It can be found under Tools & Settings > Secure Acceptance Profiles > General Settings.
  • Access Key – The Access Key for your CyberSource Account. Follow the steps above to get this.
  • Secret Key – The Secret Key for your CyberSource Account. Follow the steps above to get this.
  • Check Number Field – Select whether the check number field is hidden, shown, or required at checkout.
  • Debug Mode – Enable this to place the gateway in debug mode, which will output the full response from the CyberSource servers on the payment page, for debugging purposes. Be sure to disable this prior to going live. For best performance, please do not enable this unless you are having issues with the plugin.

Testing ↑ Back to top

Credit Card Testing ↑ Back to top

To perform test transactions, first configure the plugin for test mode, as described above in CyberSource Setup.

Use the following information at checkout:

  • Card Number – 4111111111111111
  • Card Type – VISA
  • Expiration Date – any date in the future
  • Card Security Code – any string, ie 123

Note that you must have used a valid Billing city/state/postal code during checkout.

View all test credit card numbers: Testing Credit Card Services

eCheck Testing ↑ Back to top

To perform test transactions, first configure the plugin for test mode, as described above in Setup and Configuration.

Use the following information at checkout:

  • Account Number – 4100
  • Routing Number – 121042882
  • Drivers License Number – any string, ie 1234
  • Drivers License State – any state

View the full CyberSource testing documentation: Testing the Electronic Check Services

Troubleshooting ↑ Back to top

Transaction Errors ↑ Back to top

If you get errors, enable debug mode, or view the order notes in the WooCommerce Order admin and compare the provided reason code against the CyberSource reason codes:

CyberSource Reason Codes

Note that sometimes more detailed error information/messages can be found by logging into your CyberSource Business Center and viewing transaction Reports, although other times CyberSource might not even record a failed transaction, such as when a non-enabled credit card is used. This is why it’s always important to perform a test transaction with your live account, by for instance, performing an authorization-only, and then reversing it once you verify the transaction completes end-to-end.

Browser not Redirecting ↑ Back to top

When functioning properly, this gateway should automatically redirect the client browser back to your server and display the “Thank You” or “Error” page, and update the order status. If this isn’t happening in your test or live transactions, follow the steps below to manually configure the redirect URLs in CyberSource. Note that if you are also using the CyberSource SOP eCheck payment gateway, you only need to perform these steps once as they will apply to both gatewayws.

  1. Log in to your CyberSource Business Center
  2. Go to Tools & Settings > Secure Acceptance: Profiles
  3. Find the field named “Customer Response URL” under the title “Customer Response Pages” and set the value to: https://MYSTORE.com/?wc-api=WC_CyberSource_SA_SOP where MYSTORE is your site name
  4. If this doesn’t work, check the plugin settings page to confirm that this is the correct URL.

Pending Orders ↑ Back to top

If you see “pending” orders in your WooCommerce order admin, there are a couple of different things to consider and check. First, a bit of terminology, a “pending” order indicates an order that has been placed, but not paid for. WooCommerce redirect gateways, such as this CyberSource SOP, will create “pending” orders as part of the checkout process, then the customer is prompted for their credit card information.

This means that if a customer chooses not to pay at that point, the order will be left in a “pending” state until/if they return to complete payment; this result is different from a standard “remote” payment gateway where the pending order record is not created as part of the checkout process. Still, a large number of pending orders with no “processing” or “completed” ones can indicate a configuration or communication issue with the gateway. To diagnose:

  1. Log into your WooCommerce admin and check for any order notes attached to the pending order in question
  2. If there are no notes, log into your CyberSource Business Center and check for completed or failed transactions. If you see records for the pending orders in your Business Center, this probably indicates an issue with the automatic redirection, and you should configure redirects manually as explained above.
  3. If you see no record of the transactions, ensure that both the WooCommerce CyberSource SOP plugin and CyberSource Business Center are properly configured
  4. Perform a test live transaction, for instance in authorize-only mode, to verify that the transaction completes and the redirect occurs

Frequently Asked Questions ↑ Back to top

Q: I have an order that was processed twice by CyberSource with two distinct request IDs but the same order number, resulting in my customer being double-charged. What happened?
A: CyberSource SOP is a redirect gateway, which means that to pay the client browser posts the order and payment data directly to the CyberSource processing server, and then is redirected back to WooCommerce to the “thank you” page. From the “Thank You” page the customer has the ability to hit the “back” button or otherwise return to the CyberSource processing page through their browser history, and once there if they accept their browser’s warning about re-submitting the post data, the transaction will be re-posted and potentially be successfully run a second time, third time, etc.

Unfortunately there’s currently no solution for this problem: it’s not possible to disable the “back” functionality of a client’s browser. Furthermore, CyberSource has no transaction validation checks to guard against this besides a simple check of the age of the transaction request, meaning that this problem can’t occur for an “older” transaction, but certainly can within the first few minutes of a transaction being placed.


Q: Does this plugin support 3D Secure? I need to meet Strong Customer Authentication (SCA) requirements.
A: This is coming soon! WooCommerce CyberSource does not yet support 3D Secure at this time, but this is in progress to launch before the PSD2 deadline. (Learn more about PSD2 here.)

Migrating from Authorize.Net? The updates to this plugin to support 3DS v2.0 will also support the same features as WooCommerce Authorize.Net, so you won’t lose any features in migrating. Our support team is happy to help with any migration questions you have.

Questions & Support ↑ Back to top

Have a question before you buy? Please fill out this pre-sales form.

Already purchased and need some assistance? Get in touch with support via the help desk.

WooCommerce - the most customizable eCommerce platform for building your online business.

  • 30 day money back guarantee
  • Support teams across the world
  • Safe & Secure online payment