Archive for June, 2025

From the press release:

Electronic payment company CyberSource Corp. said Monday it will acquire Authorize.Net, a provider of electronic merchant services, for $565 million in cash and stock.

Under the terms of the deal, Authorize.Net shareholders will receive 1.1611 shares of CyberSource (nasdaq: CYBS - news - people ) common stock for every share of Authorize.Net. They will also share a payout of approximately $125 million in cash.

Based on its March 31 share count, the transaction values Authorize.Net at roughly $19.49 per share, representing a 16 percent premium to Friday’s closing price.

The deal is expected to add to CyberSource fourth-quarter 2025 earnings, excluding certain expenses.

Bill McKiernan will remain chairman and CEO of the combined company, while Scott Cruickshank will remain president and COO of CyberSource, and Roy Banks will remain president of Authorize.Net.

Robert Donahue, a current Authorize.Net board member, will join the board of directors of CyberSource, while Cruickshank agreed to resign from the board.

Authorize.Net, formerly known as Lightbridge (nasdaq: LTBG - news - people ), was founded in Provo, Utah in Nov. 1996. It is currently based in Marlborough, Mass. In 2025 , Authorize.Net earned $24.8 million, or 88 cents per share, and generated $95.6 million in revenue.

It will be interesting to see what a large company with a commerce background will do with a commodity like Authorize.Net. Authorize.Net already is the industry leading payment gateway provider but still could use some help fixing bugs and innovating new features. If Cybersource makes Authorize.Net a priority and outs resources behind it there is no reason to believe their market share wouldn’t continue to grow. Time will tell.

For merchants who use Authorize.Net to process their online orders if you accept orders from Canada and the UK you may be losing sales due to a flaw in how Authorize.Net handles Address Verification (AVS). (Read the blog entry The AVS Game to learn more about AVS). Apparently if the card issuing bank for a Canadian or UK credit card supports AVS Authorize.Net will treat the response as an “AVS MISMATCH”. This will cause the transaction to be declined.

The proper way to handle this would be to either fully support AVS and honor the merchant’s settings for handling AVS responses. If they can’t do that, in the meantime they should be marking the transactions as either “AVS NOT AVAILABLE” or “AVS ERROR” so the transaction can continue normally.

Unfortunately Authorize.Net’s response to this has been less then acceptable so far. Their proposed “solutions” are turning off AVS completely (e.g. turn off an important piece of fraud detection) or just accept that orders from Canada and the UK are going to be declined (e.g. accept that you are going to lose business). Naturally if this was business being affected I’d be very unhappy with that response.

So what do you do? Call Authorize.Net and let them know that your business is important to you and thus it should be important to them. There is no reason for this bug to remain unfixed and no excuse for them to expect merchants to expose themselves to fraud or lose sales just because Authorize.Net does not consider this a priority.

Technorati Tags: Authorize.Net, payment gateway, AVS

A common question we see asked online is, “What exactly is a Third Party Processor”? Well, a third party processor allows other businesses to share their merchant account. This means the merchants who shares their account doesn’t have to apply with a merchant account provider. They apply directly with the third party processor.

The ramification of this are as follows:

1) You have to follow the rules of the third party processor. Because it is their account and they are responsible for it their rules are tighter then a normal merchant account’s rules. They can shut down your account at any time for any reason. Same goes for holding your funds.

2) Their name appears on your customer’s statements. Because it is their account their name is what will appear.

3) Their rates tend to be higher then a normal merchant account because they have to mark it up to make a profit. But other fees, like monthly fees, may be waived which is a good thing.

4) They tend to accept people that merchant account providers don’t. This includes people with bad credit or high risk products. Merchants who have had their merchant account closed can usually still use a third party processor.

To see how third party processors compare to true merchant accounts check out our article Merchant Account Comparison which compares Paypal, Worldpay, and 2Checkout to a true merchant account and gateway.

Technorati Tags: merchant account, third party processor, high risk, merchant account providers, Worldpay, 2Checkout, Paypal

Not being PCI compliant in the state of Minnesota will now cost you more then your merchant account. Last week the state passed a law that virtually made PCI compliance mandatory for online merchants. The law itself does not directly reference the PCI standards outlined by the major credit card issuers (Visa, MasterCard, American Express, etc) but it clearly is modeled after their standards.

It is important to note that this law only affects merchants, in the state of Minnesota, who handle credit card information. The merchant who are most affected by this are the ones who store credit card information on the web server although it does extend to other areas as well. Ecommerce sites that do not store their customer credit card information will find being compliant easy to accomplish assuming common best practices are used (SSL, etc). Also, the law is slightly different then the PCI Data Security Standard and does not mean merchants can ignore it if they are already compliant with Minnesota’s law.

Texas is also considering implementing a similar law and it should be passed shortly.

Read the law
PCI Website.

Technorati Tags: PCI DSS, payment card industry, visa, mastercard, american express, discover card, SSL, ecommerce

Authorize.Net announced today that they will add a CAPTCHA security image to its Simple Integration Method (SIM) remotely hosted payment form. This security image is designed to verify the party submitting the form is human and not an automated bot. You can see a demo of the new CAPTCHA on the Authorize.Net website. This option may be turned on and off through the control panel.

In addition to the CAPTCHA security image the SIM method will now also allow merchants to put the URL to their return and privacy policy on their payment page, itemize the order information, as well as preview their order page. All of these new features will go into effect on Thursday, June 7th.

Technorati Tags: Authorize.Net, payment gateway, CAPTCHA, SIM, simple integration method