This is usually not an issue with CyberSource rejecting descriptive
text, but with request signing and merchantDefinedInformation
validation.Make sure you are using key instead of name in
merchantDefinedInformation, keep values under 255 characters, ...
Redirect the user to the 3D Secure authentication URL, then send them
back to your own return/callback URL after the challenge. Don’t treat
the redirect as the final result once the user returns, verify the
authentication outcome server-to-server by ...
