BREAKING Cybersource processes payments in 190+ countries Owned by Visa since 2010 Decision Manager runs on Visa-scale ML Founded 1994 in Foster City, CA One of the world's first payment gateways 60+ currencies supported Tokenization, 3DS, Account Updater, Unified Checkout Acquired Authorize.Net in 2007 for $565M Visa paid ~$2B to bring it in-house BREAKING Cybersource processes payments in 190+ countries Owned by Visa since 2010 Decision Manager runs on Visa-scale ML Founded 1994 in Foster City, CA One of the world's first payment gateways 60+ currencies supported Tokenization, 3DS, Account Updater, Unified Checkout Acquired Authorize.Net in 2007 for $565M Visa paid ~$2B to bring it in-house
Cybersource logo
FIG. 01 - The wordmark you've never noticed but probably depended on.
YesPress // Company File

Cybersource - the invisible spine of online payments.

Founded in 1994. Bought by Visa for two billion. Still moving the money you never see.

1994Founded ~900Employees 190+Countries $2BVisa Acquisition
The Scene, May 2026

A checkout button somewhere just worked.

At 4:17 a.m. in Madrid, a sleepless traveler buys a one-way ticket to Lisbon. At 4:17 a.m. in San Francisco, a subscription renews itself before the customer is awake to complain about it. At 4:17 a.m. somewhere over the Pacific, a duty-free purchase clears in a currency the cardholder cannot pronounce.

None of these people will say the word "Cybersource" today. Most will never say it in their lifetime. And yet, in a quiet stack of servers connected by a quiet contract to Visa, Cybersource is doing the unglamorous thing that all of digital commerce depends on: making the money move, then refusing to let the wrong money move at all.

It is, depending on your taste, either the dullest possible business or the most important one. Cybersource has spent thirty-two years making the case that those two descriptions are the same description.

The most important products on the internet are the ones nobody can see. - YesPress, on plumbing
The Problem They Saw

In 1994, the web had a checkout problem. It just didn't know it yet.

The world wide web was, at that point, a research curiosity with very polite gif animations. Almost nobody was buying anything on it, partly because almost nobody had thought through what "buying" on it should mean. There were no gateways. There were no tokens. There were certainly no fraud teams sipping coffee at 3 a.m. while machine-learning models scored a thousand transactions a second.

What there was, instead, was a chasm. On one side: merchants who wanted money. On the other: a card network that had built its entire risk model around physical plastic, signatures, and the slow tactile choreography of an in-person swipe. Between them: nothing. Or, more honestly, a polite suggestion that someone really ought to build something.

Cybersource - then called software.net - looked at that chasm and built a bridge. A buy button. A way for a merchant to accept a card without inventing the entire risk apparatus of a bank. It was, in 1994, faintly ridiculous. By 1999 it was a public company. By 2010 it was a Visa subsidiary.

They were not selling a payment gateway. They were selling the right to stop thinking about payments. - The case for outsourcing the boring parts

The Cybersource Timeline

FROM SOFTWARE.NET TO THE SPINE OF GLOBAL COMMERCE

1994
Founded as software.net in Foster City, California.
1996
Launches one of the web's earliest payment processing services.
1999
IPOs on NASDAQ under the ticker CYBS.
2007
Acquires Authorize.Net for $565M, doubling the small-business footprint.
2010
Acquired by Visa Inc. for approximately $2 billion.
2015
Decision Manager scales globally on Visa's transaction data.
2020
Pandemic shifts billions in volume online - Cybersource ports merchants in weeks, not months.
2024
Unified Checkout expands across APAC and LATAM with local payment methods.
What It Actually Does

Eight unglamorous products, one extremely glamorous problem.

Asking what Cybersource is is like asking what plumbing is. The answer is: many specific pipes, doing many specific things, in a sequence the user is never supposed to notice. When the sequence breaks, the user notices furiously. When it works, the user buys the sweater and forgets.

// Gateway

Payment Gateway

Accept cards, wallets, and local methods across web, mobile, and in-person channels.

// Risk

Decision Manager

Machine-learning fraud scoring built on Visa's global transaction signal.

// Vault

Token Management

Tokenizes card data, slashes PCI scope, enables network tokens.

// Auth

Payer Authentication

EMV 3-D Secure 2.x for strong customer authentication and liability shift.

// Retention

Account Updater

Refreshes stored credentials so subscriptions don't die when cards expire.

// UI

Unified Checkout

Embeddable drop-in supporting cards, wallets, and local methods.

// Billing

Recurring Billing

Subscriptions, invoices, and trial conversions with retry logic that pays for itself.

// Ops

Reporting

Consolidated reconciliation across acquirers, processors, and geographies.

A good fraud engine looks like a magic trick. A great fraud engine looks like nothing happened. - The Decision Manager design brief, paraphrased
The Proof

The numbers, with caveats.

Cybersource doesn't publish the kind of transaction counters Stripe puts on a billboard. It is, after all, a subsidiary of a publicly-traded card network, and Visa prefers its bragging at scale. But the contours are public, and the contours are large.

Cybersource at a glance

// Reach, scale, and footprint (approximate, public sources)

Countries
190+
Currencies
60+
Employees
~900
Visa price
$2B (2010)
Authorize.Net
$565M (2007)
Years operating
32
SOURCE: Public filings, Visa press releases, company materials. Bar widths normalized for legibility, not for finance.
Stripe gets the magazine cover. Cybersource gets the airline. - An overheard remark in an enterprise procurement meeting
The Mission

Compliance as a feature, not a tax.

The official mission is straightforward: help every business accept payments, manage risk, and grow globally on a single platform. The unofficial mission is more interesting. Cybersource has spent three decades making the argument that PCI compliance, fraud rules, 3-D Secure exemptions, network tokens, and 60-currency settlement are not things merchants should be building themselves. They are not even things merchants should be thinking about.

This is, of course, the entire B2B software thesis, applied to the part of the business that most founders find boring until it goes wrong. Cybersource's pitch is essentially: outsource the part that scares you. Keep the part that makes you money.

It helps that the parent company is Visa. Network tokenization. Risk signal. A directory of every acquirer that matters. The integrations that take a fintech startup three years to forge are, in Cybersource's case, available down the hallway.

Five things you didn't know about Cybersource

  • It started life as software.net - one of the first commercial software storefronts on the web.
  • It is older than Google, PayPal, Stripe, and the word "fintech."
  • It claims one of the very first online "buy" buttons.
  • Visa's $2B acquisition in 2010 was one of the largest fintech M&A deals of its decade.
  • Its fraud engine sips from a slice of Visa's global transaction firehose - a moat that's hard to rent.
Why It Matters Tomorrow

Money is going to keep moving. Quietly is the hard part.

The next decade of payments is, in a word, messy. Real-time rails. Cross-border stablecoins. Pay-by-bank in Europe. UPI elsewhere. Wallets at the operating-system layer. Agentic checkouts where an LLM hands over a card on your behalf and you find out about it in a notification. Every one of these is a new pipe, a new failure mode, a new way for fraud to creep through a seam.

Cybersource's bet, the one it has been quietly making since 1994, is that the merchant should not be the one managing the seams. It should be the gateway. Hide the complexity. Expose a single, well-behaved API. Let the airline sell the seat. Let the retailer sell the sweater. Keep the failure modes inside the platform, where there are people whose entire job it is to think about them.

This is a deeply unsexy stance. It is also, on the evidence of three decades and 190 countries, the correct one.

The future of payments isn't a feature. It's a non-event. - The Cybersource thesis, in eight words
Back to The Scene

4:18 a.m. The checkout button worked again.

The traveler in Madrid is on a plane. The subscription in San Francisco renewed. The duty-free purchase cleared. Nobody noticed Cybersource. Nobody was supposed to. That is, in the end, the product.

It is a strange thing to build a thirty-two-year company around an outcome that, when achieved, looks like nothing at all. But here we are. The button worked. The money moved. The fraud did not.

Somewhere in Foster City, a graph went up by one.

Filed Under

paymentsfintechvisafraud-management tokenizationpci-dssecommercegateway 3d-secureglobal-paymentsenterprisesaas decision-managercross-bordermerchant-services

Watch & Learn

YOUTUBEOfficial Cybersource Channel DEMOCybersource Product Demos WALKTHROUGHDecision Manager Walkthroughs CHECKOUTUnified Checkout Tutorials

Where to Find Cybersource

WEBSITEcybersource.com LINKEDIN/company/cybersource TWITTER / X@cybersource FACEBOOKfacebook.com/Cybersource DEVELOPERSdeveloper.cybersource.com WIKIPEDIAThe full backstory