CyberSource

CyberSource scripts embed hosted payment form components within PCI-compliant iframes on checkout pages. Device fingerprinting scripts run fraud screening by collecting browser characteristics and behavioral signals. Transaction data is processed through Visa's payment management infrastructure.

Overview

CyberSource, a Visa subsidiary, is one of the world's largest payment management platforms, processing transactions for businesses of every size across virtually every payment method and geography. When CyberSource's scripts appear on merchant websites, they serve two critical functions: rendering secure payment forms that keep card data off the merchant's servers, and running device fingerprinting for fraud detection.

The dual nature of CyberSource's scripts — essential payment processing combined with sophisticated fraud screening — makes it a foundational component of enterprise e-commerce infrastructure.

What This Script Does

CyberSource's scripts handle payment processing and fraud prevention on checkout pages:

  • Hosted payment form components: Renders card input fields (card number, expiry, CVV) within PCI-compliant iframes, ensuring sensitive payment data is captured directly by CyberSource's servers and never touches the merchant's infrastructure
  • Card tokenization: Converts entered payment credentials into secure tokens that merchants can use for processing without handling raw card data
  • Device fingerprinting: Collects browser characteristics, device attributes, and behavioral signals — including screen resolution, installed plugins, timezone, language settings, and mouse/keyboard interaction patterns — to build a device profile for fraud risk assessment
  • 3D Secure authentication: Manages Strong Customer Authentication flows (3DS2) required by PSD2 for European transactions, presenting bank verification screens within the checkout experience
  • Transaction risk scoring: Feeds collected device and behavioral data into CyberSource's Decision Manager fraud screening engine, which returns risk scores and recommended actions
  • Session management: Sets cookies to maintain payment session state and link fraud screening data to the active transaction

Consent & Compliance

CyberSource operates within a well-defined compliance framework:

  • GDPR: Payment processing falls under "performance of a contract" (Article 6(1)(b)). Fraud prevention has additional lawful bases including legitimate interest and legal obligation. CyberSource/Visa acts as both a data processor and, for fraud prevention, a data controller.
  • ePrivacy Directive: Payment session cookies and fraud detection mechanisms are strictly necessary for the service the customer requested (completing a purchase) and for preventing fraud, exempting them from consent requirements.
  • PCI DSS: CyberSource is PCI DSS Level 1 certified. The hosted payment fields are specifically engineered to keep merchants out of PCI scope.
  • PSD2/SCA: CyberSource handles Strong Customer Authentication requirements and manages transaction risk analysis for exemption processing.

Should You Block This Without Consent?

CyberSource's scripts are essential payment infrastructure. The hosted payment forms process transactions that customers explicitly initiated, and the fraud screening protects both the merchant and the customer from fraudulent activity. Both functions fall under the strictly necessary exemption — blocking these scripts would prevent customers from completing purchases and remove fraud protection from the checkout process.

No.

Consent Categories

Essential
Functional

Also Known As

cybersource, cybersource payments, cybersource fraud, cybersource device fingerprint, visa cybersource, cybersource checkout

Industries

Computers Electronics and Technology

Tracked Domains (1)

cybersource.com (Essential)

Frequently Asked Questions

Does CyberSource require consent to load?

No. CyberSource handles payment transactions explicitly initiated by the customer. Both the hosted payment form and fraud screening fall under the strictly necessary exemption — blocking them would prevent customers from completing purchases.

What data does CyberSource collect during checkout?

CyberSource captures card data within PCI-compliant iframes, tokenizes payment credentials, and collects device fingerprints including browser characteristics, screen resolution, timezone, and behavioral signals for fraud risk scoring via Decision Manager.

How does ConsentStack categorize CyberSource?

ConsentStack marks CyberSource as essential. It loads unconditionally regardless of visitor consent state, as it is required infrastructure for completing customer-initiated payment transactions and cannot be deferred without breaking checkout.

Related Vendors

Firebase
Firebase is Google's mobile and web application development platform offering authentication, real-time database, cloud functions, and analytics. Web SDK scripts initialize Firebase services and may track app events via Firebase Analytics, which is powered by Google Analytics 4. Widely used in single-page apps and PWAs for backend infrastructure and usage tracking.

Google
Google is the dominant provider of web analytics, advertising, and infrastructure tools. Scripts like Google Analytics, Tag Manager, Ads, and reCAPTCHA collect behavioral data, manage tag firing, serve targeted ads, and detect bots. Sets persistent cookies to track users and correlate activity across sites.

Google Tag Manager
Google Tag Manager is a tag management system that lets marketers deploy and update analytics and marketing scripts without code changes. The GTM container script loads synchronously in the page head and injects configured tags, triggers, and variables on behalf of other vendors. No data collection of its own — acts as a loader for other scripts.

Google Fonts
Google Fonts is a free font hosting service that serves hundreds of typeface families via a global CDN. Stylesheets and font files load from fonts.googleapis.com and fonts.gstatic.com to deliver web fonts to visitors. No advertising or tracking functionality is included.

reCAPTCHA
Google reCAPTCHA is a bot detection and spam prevention service protecting web forms, login pages, and checkout flows. Scripts analyze user behavior, mouse movements, and browser fingerprints to distinguish humans from bots. The invisible reCAPTCHA v3 scores interactions without requiring user challenges.

Sign in with Google
Sign in with Google is an OAuth-based authentication service that enables users to log into websites using their Google account credentials. Scripts load the Google Identity Services library, display sign-in buttons, and handle token exchange for secure authentication. Stores session tokens and authentication cookies to maintain login state across page visits.
