Just as a unrelated heads-up non-technical side-note, in case you missed the big 2015 news (as I saw you mentioning iframes):
Using iframes for collecting payment information will put you in the new SAQ A-EP category for PCI-DSS 3.0 compliance starting Jan 1st 2015, and making you going through a mandatory questionary of 139 questions to go through every year + a PCI-DSS mandatory quarterly security scan if my understanding is correct:
www.pcisecuritystandards.org/security_standards/documents.php
If not already done, you may want to contact your PayPal account contact (and if you use an acquirer, them too) for exact PCI-DSS 3.0 compliance requirements by PayPal ahead of PCI due-diligence time to avoid surprises. Or opt for a payment method that has much less PCI-DSS compliance hassles (and also less liability on your shoulders too).
E.g. This site is PCI-DSS compliant, and even though we don't use iframes, we also run on a voluntary base periodic PCI-DSS security scans, so it is all possible using CB and CBSubs, but it requires that your datacenter is PCI-DSS compliant, that your server is compliant, and that its settings are PCI-DSS compliant, as well as your company.
All of this is unrelated to the settings issue that you are trying to solve, it's just a heads-up to 2015 changes coming soon.
Back to your topic and your latest question:
Cancelling your purchase in Paypal will be (logically) cancelling your purchase basket in CBSubs as well, that's a normal behavior of CBSubs.
beat
