Back to Release Notes
SuiteCommerce
NetSuite Vinson
2026-06-22

SCA Device Fingerprinting via CyberSource Decision Manager

SuiteCommerce Advanced natively integrates CyberSource Decision Manager device fingerprinting at checkout from the Vinson release onward. Pre-Vinson bundles require a manual SSP code change.

Affects:SuiteCommerce AdvancedCyberSource Decision Managercheckout.sspWeb Site Setup Record

What changed

Starting with the Vinson release, SuiteCommerce Advanced natively fires a device-fingerprinting call on the final checkout submit page. The browser collects device attributes and a unique session ID and sends them to CyberSource's fingerprinting endpoint. CyberSource Decision Manager then evaluates the data in real time against your configured rules and can accept, reject, or place orders on payment hold — all feeding back into NetSuite's standard order-management workflow.

Prior to Vinson, this behavior was not built in; merchants had to patch the checkout SSP template manually (see migration section below).

Prerequisites

  • CyberSource Decision Manager must be your credit-card authorization processor.
  • In the CyberSource gateway profile record, check Enable Device Fingerprinting. Reference: Using CyberSource Decision Manager for Fraud Management in the Help Center.
  • On the target site's Web Site Setup record (Commerce > Websites > Website List), go to the Shopping subtab and check Require Authorization for Credit Card Transactions.

How it works at runtime

When a shopper reaches the final submit step of checkout, SCA injects a fingerprinting snippet that posts device data plus a session ID to CyberSource's collection server. Decision Manager correlates this with the authorization request and applies your fraud rules. The result (accept / reject / review) is written back to the NetSuite sales order.

SEO note: All calls to the device fingerprinter are explicitly excluded from the SEO page generator, so search-engine crawls are unaffected.

What to do

Vinson and later — no code changes required

Verify the two prerequisites above are enabled and confirm fingerprinting fires by inspecting network requests on your checkout page for calls to CyberSource's device-data collection domain.

Pre-Vinson — manual SSP patch

  1. Open /CheckoutApplication@x.x.x/SuiteScript/checkout.ssp in your SCA bundle.
  2. Immediately before the closing </body> tag, add:
    <%= order.getDeviceFingerPrintingHtml() %>
  3. Deploy the updated SSP file following SCA customization best practices (extension or direct edit depending on your bundle version). See Develop Your SCA Customization in the Help Center.

Verification

  • Place a test order and check the browser's network tab for the fingerprint request.
  • In Decision Manager, confirm the session ID appears alongside the authorization request.
  • Review the sales order in NetSuite to verify the fraud-screening status field reflects the Decision Manager outcome.

Note: Oracle's documentation does not specify the exact order.getDeviceFingerPrintingHtml() API surface or what HTML it emits. If you need to customize the fingerprint payload or timing, inspect the rendered output in a staging environment before relying on it in production.

Source: Oracle NetSuite Release Notes

More in SuiteCommerce

SuiteCommerce
Pre-Denali

SCA Pre-Denali: Legacy Domain and Session Checks Replaced for HTTPS Shopping

SuiteCommerce Advanced pre-Denali releases introduced isCheckoutSupported(), isShoppingSupported(), and session.isLoggedIn2() to replace legacy domain and session detection methods that break under HTTPS shopping domains.

SuiteCommerce
Unknown

SuiteCommerce: Gift Certificate Groups Mimic Matrix Items on PLP/PDP

The Gift Certificate Management extension adds a Gift Certificate Group record and new item-level fields that let you consolidate multiple gift certificates into a single PLP entry with item-option selection on the PDP, mimicking matrix-item behavior without using matrix items.