I fixed this by removing the 'supportsEMV' option. It seems like CyberSource is not able to decrypt EMV data in the payload, or the test cards are sending invalid EMV data.