CyberSource Decision Manager Application by Kibo eCommerce

Configuration Guide

Current Version: 1.0.0 (January 2016)
Install: Kibo eCommerce App Marketplace
More Info: Version History

CyberSource's Decision Manager provides a fraud protection platform that features the World's Largest Fraud Detection Radar as well as a flexible rules engine that lets you customize rules to suit your business case. With Decision Manager, you can screen orders for risk in an effort to prevent fraud.

The Kibo eCommerce CyberSource Decision Manager Application integrates your Decision Manager account with your Kibo eCommerce site so that orders you receive on your site are automatically screened by Decision Manager. Orders receive a fraud score and a validation result from Decision Manager that Kibo eCommerce uses to either accept, reject, or flag an order for further review.

Application Features:

Install the App

You can install the CyberSource Decision Manager Application by Kibo eCommerce directly from the Kibo eCommerce App Marketplace:

  1. Go to: www.kibocommerce.com/marketplace
  2. In the Search field, enter: Decision Manager
  3. Click the app icon.
  4. On the app page, click Install Now.

Configure the Application

To integrate your Decision Manager services with Kibo eCommerce, review the configuration requirements to ensure you have everything you need to be successful before you begin, and then complete the steps in this section.

Configuration Requirements

Configuration Process

The following sections walk you through the configuration process for the Decision Manager App:

  1. Obtain Decision Manager Account Information
  2. Open the App Configuration Settings
  3. Add Your Decision Manager Account Credentials
  4. Configure Fraud Detection Settings
  5. (Optional) Configure Order Synching
  6. (Optional) Map Kibo eCommerce Fields to Custom Fraud Detection Rules

Obtain Decision Manager Account Information

Note your Decision Manager account credentials. You will enter these credentials in Kibo eCommerce.

  1. Log in to the CyberSource Business Center.
  2. Note the username and password that you use to log in to the CyberSource Business Center.
  3. Note your Account ID and Merchant ID.
  4. Create and note a Transaction Security Key for the SOAP Toolkit API.
    Note: If you have already created this key but lost or forgotten it, you will have to generate a new key.

Open the App Configuration Settings

  1. In Admin, go to System > Customization > Applications.
  2. Click CyberSource Decision Manager.
  3. Click the Configuration link to open configuration settings.
  4. Go to the Settings tab.
  5. Fill in the fields described in the following sections and click Save.

Add Your Decision Manager Account Credentials

Settings Tab: Account Credentials

1 Organization ID—Specifies whether to connect to the CyberSource Test Business Center or the Live Business Center. The Test Business Center simulates transactions, and is ideal for testing your app configuration. The Live Business Center processes real transactions. For Test, use: 1snn5n9w For Live, use: k8vif92e
2 Merchant ID—Your Decision Manager Merchant ID.
3 Transaction Key—The Transaction Security Key you created for the Decision Manager SOAP Toolkit API.

Configure Fraud Detection Settings

Settings Tab: Fraud Detection Settings

4 Threshold Enabled—(Optional) Sets a monetary value below which orders are not sent to Decision Manager. You can use this setting to optimize performance for customers making low-value orders that do not carry significant fraud risk.Note: The Threshold Value only applies to the largest payment that is an enabled payment type (7) for fraud validation.
5 Cancel Order When Rejected in DM—(Optional) Specifies to automatically cancel orders in Kibo eCommerce that are rejected by Decision Manager. If not enabled, orders rejected by Decision Manager are set to Pending Review in Kibo eCommerce.Note: Cancelled orders in Kibo eCommerce cannot be reverted to a non-cancelled state.
6 Export Order Item Price as 0.00—(Optional) Specifies to export orders to Decision Manager with the price for individual line items set to 0.00. Selecting this option will make the total amount of the order 0.00 in Decision Manager. If you want to zero out line items but still see the full order amount in Decision Manager, you can add the Kibo eCommerce Order Total as a custom mapping.
7 Select Payment Type—Specifies the payment types to check for fraud in Decision Manager. Kibo eCommerce sends ONLY the payment types you select to Decision Manager. If you select multiple payment types, Kibo eCommerce sends only the largest selected payment type applied to a given order to Decision Manager for screening. Note: The Paypal Express payment type is only supported for the legacy version of Kibo eCommerce PayPal, implemented through Kibo eCommerce Core 8 and earlier. If you are implementing PayPal support through the PayPal Express Certified Kibo eCommerce Application, Decision Manager does not check PayPal payments for potential fraud. CyberSource's current tooling requires a billing address with every order. PayPal Express obscures billing information for security reasons, so Kibo eCommerce cannot provide it to CyberSource.
8 Environment—Specifies the Decision Manager environment to use for fraud checking. If you select Test, the application sends order information to Decision Manager's test site, where you can evaluate fraud detection rules in a sandbox setting. When you are satisfied with the rules you set in Decision Manager, choose Production to enable live fraud detection on your site.

(Optional) Configure Order Synching

Settings Tab: Order Synching

9 Order Synch Frequency—(Optional) Specifies how often Kibo eCommerce queries Decision Manager for updates on orders. If you accept or reject an order in Decision Manager that is Pending Review in Kibo eCommerce, the order synch frequency determines how long it takes for the order status to update in Kibo eCommerce. If this option is Disabled, Kibo eCommerce does not query Decision Manager, and you must manually process the order in Kibo eCommerce.Tip: Balance the frequency at which you receive updates in Kibo eCommerce with the amount of bandwidth you are comfortable using to send order sync queries from Kibo eCommerce to Decision Manager.
10 User Name—The user name you use to log in to the CyberSource Business Center.
11 Password—The password you use to log in to the CyberSource Business Center.

(Optional) Create Custom Rules

If you want to add to the rules that Decision Manager uses to screen an order for fraud risk, you can use the CyberSource Business Center to modify the existing rules or create new custom rules. To help you build custom rules, you can map Kibo eCommerce fields, such as email address and payment types, to available merchant-defined data (MDD) fields in Decision Manager. Afterwards, you can associate the MDD fields with custom fields in Decision Manager and use the custom fields in your fraud detection rules.

Create Custom Mappings from Kibo eCommerce

  1. Open the Decision Manager app configuration settings dialog.
  2. Go to the Custom Mapping tab. Note: This tab only appears after you configure and save your account information on the Settings tab.
  3. Select the Merchant ID for the CyberSource account you are mapping.
  4. Click Add Custom Mapping and fill in the following fields:
1 Merchant ID—The Decision Manager Merchant ID you selected on the previous page.
2 Domain—The type of Kibo eCommerce data you are mapping. The value you choose determines the options that appear in the Mozu Data menu.
3 Mozu Data—The specific order or customer data field from Kibo eCommerce. Once a field is mapped, it no longer appears in the list.
4 CyberSource Data—The Decision Manager merchant-defined data field to which you are mapping the Mozu Data. Only available fields appear in the list.
5 Include in Offer Details—Specifies whether to include the custom mapping as a column in the Decision Manager Offer Details table.
6 Offer Detail Value Column—Specifies which column in the Decision Manager Offer Details table displays the mapped data. If you select Price, the mapped data must be a decimal. SKU can display any data type.

Create Custom Fields in Decision Manager

After you create your mappings in Kibo eCommerce, you must log in to Decision Manager account and associate a custom field with a mapped merchant-defined data field. Creating this association is necessary because fraud detection rules don't access merchant-defined data fields directly.

For example, if you create a mapping in Kibo eCommerce that assigns a customer's email address to Merchant-Defined Data 7, complete the following steps to create the custom field in Decision Manager:

  1. Log in to the CyberSource Business Center.
  2. Go to Decision Manager > Configuration > Custom Fields.
  3. Click Add Custom Field.
  4. Select merchant_defined_data7 as the Order Element and give the field a logical name, such as Email.
  5. Click Save to create the field.

You can now go to Configuration > Custom Rules to create a new rule. In the Rule Conditions, your custom fields appear in the Order Element drop-down. For more information on creating custom rules and fields in Decision Manager, refer to the Decision Manager User Guide available through the CyberSource Business Center.

Add the Decision Manager Widget to Your Theme

For each fraud screen it performs, Decision Manager requires a device fingerprint that helps identify the computer or device from which an order originates. You must add the Decision Manager Widget, available on GitHub, to the checkout page of your Kibo eCommerce site(s) to capture each customer’s device fingerprint and send it to Decision Manager.

Note: The Mozu/Integration-DecisionManagerWidget repository is private. Contact Kibo eCommerce Support with your GitHub username to request access to this repo.

Update Your Theme

  1. Clone or download the GitHub repository.
  2. Add or merge the files listed above.
  3. Run Grunt to build the theme.
  4. Upload the resulting ZIP file to Dev Center.
  5. Install the updated theme to the sandbox you’re working in.
  6. In Admin, go to Site Builder > Themes, right-click the new theme, and click Apply.

Add the Widget to Your Checkout Page

  1. In Admin, go to Site Builder > Editor.
  2. In the Site tree, navigate to Templates > Checkout.
  3. Click the Widgets button at the top of the editor.
  4. Drag the DecisionManager Device Fingerprint widget to any dropzone on the checkout page. The widget is not visible to customers, so placement on the page is not important.

Enable the App

After configuration, enable the CyberSource Decision Manager Application in Kibo eCommerce to apply its functionality to your tenant.

  1. In Admin, go to System > Customization > Applications.
  2. Click CyberSource Decision Manager Application.
  3. Click Enable App.

Congratulations! You can now preview Decision Manager functionality on your site.

Use the App

Once you have installed, configured, and enabled the CyberSource Decision Manager Application, the app automatically begins sending Kibo eCommerce orders to Decision Manager for fraud detection. The amount of work you must do to process orders depends on your app configuration. For example, in the most streamlined scenario (you enabled both an Order Synch Frequency and Cancel Order When Rejected in DM), you only have to process orders in Decision Manager.

Tip: Refer to the Application Logic section at the end of this document for a diagram of the order status change process.

When a Kibo eCommerce order is sent to Decision Manager, the status of the order in Kibo eCommerce changes to Pending Review. Decision Manager screens the order and attaches one of the following validation results: accept, review, or reject. If the validation result is review, further action is required in Decision Manager to either accept or reject the order.

Process Orders in Decision Manager

In Decision Manager, Kibo eCommerce orders appear with their Kibo eCommerce order number as the Merchant Reference Number. This makes it easy for users to locate the order in Decision Manager:

  1. Log in to Decision Manager and navigate to Case Management > Case Search in the left navigation menu.
  2. Use the Search Parameters to locate the order(S) that need processing. If you know the order number, you can search for it explicitly using the Field and value search.
  3. (Optional) If your search returns multiple results, click the order number in the Results table to view the Case Management Details.
  4. Review the order. Note that the Case Management Details list the order number as the Merchant Ref Number.
  5. Process the order in Decision Manager as you normally would.

Process Orders in Kibo eCommerce

Automatic Order Processing

All Kibo eCommerce orders are set to Pending Review when they are sent to Decision Manager. If you configured order synching, the Decision Manager App automatically updates the order status after a Decision Manager result is received.

Additionally, if the order was manually reviewed in Decision Manager, the reviewer name and comments from Decision Manager appear in the Orders module in Admin, on the Order Details tab:

If you did not set up order synching, you must manually process the order in Kibo eCommerce to change its status.

The basic status mapping for auto updates is as follows:

Decision Manager Validation Result Kibo eCommerce Order Status
accept Accepted
review Pending Review
reject Cancelled1

1 If you enabled Cancel Order When Rejected in DM in the app Configuration settings, an order that is rejected in Decision Manager is automatically moved to Cancelled in Kibo eCommerce. If you did not enable Cancel Order When Rejected in DM, an order that is rejected in Decision Manager remains in Pending Review in Kibo eCommerce until you manually change the order status in Kibo eCommerce.

These status mappings apply regardless of whether the state change in Decision Manager is triggered manually by a fraud reviewer or automatically by a rule.

Tip: Refer to the Application Logic section at the end of this document for a diagram how order status is mapped from Decision Manager to Kibo eCommerce.

Manual Order Processing

If you did not enable order synching, all orders sent to Decision Manager remain in Pending Review until you manually process them in Admin:

  1. In Admin, go to Main > Fulfillment > Orders.
  2. Locate the order and click the row to open the Orders editor.
  3. On the Order Details tab, locate Attributes.
  4. Use the Decision Manager Fraud Results to review the reasons the order is pending review.
    1. Note whether Decision Manager accepted, rejected, or marked the order for further review.
    2. Consider fraud risk information such as the fraud score result (afsResult), risk factor codes (afsFactorCode), and reason code (ReasonCode). For example, in the preceding screenshot, you can determine that Decision Manager rejected the order due to a fraud score result that may be above your ignore threshold based on risk factor codes that include phone inconsistencies and high account usage. Tip: For help interpreting all the values listed in the Decision Manager results, refer to the Decision Manager Developer Guide: Using the Simple Order API available through the CyberSource Business Center.
  5. If you think the order is fraudulent, click Cancel Order. Otherwise, click Accept Order.

You can also use the Decision Manager website to accept or cancel orders pending review. If you update an order through the Decision Manager website, you see the update in Kibo eCommerce in accordance with the order synchronization interval you set in the configuration settings.

Application Logic

This section provides decision trees to help illustrate how the CyberSource Decision Manager Application makes two key decisions:

The branches in each diagram depend on how you configure the app. Review the App Configuration Settings for additional context.

Perform Fraud Detection?

Figure 1: Process for determining whether to send an order to Decision Manager for fraud detection.

Update Order Status?

Figure 2: Process for determining whether to update Kibo eCommerce order status based on Decision Manager fraud result.