Credit card encryption-decryption
We are going in for credit card enryption.Once a credit card is encrypted,can it be decrypted back again?Is there any transaction to do that?
Jen
Hi Jennifer
The link will answer your question
http://help.sap.com/saphelp_47x200/helpdata/en/68/de611988ac11d194be00a0c92946ae/frameset.htm
Thanks
G. Lakshmipathi
Similar Messages
-
Credit Card Encryption through RFC calls to third party software
Dear All,
I am working on credit card encryption in CRM. At our firm, we have SAP R/3 which is integrated with third party server for performing credit card encryption using RFC calls. We want to perform similar thing in SAP CRM. I was looking into SAP standard mechanism to perform encryption and it seems they use class CL_PCA_SECURITY -> External Encryption to encrypt credit card. Are there any BADIs available for me to change behaviour of this call and call our listeners (for third party server) instead of what standard SAP is calling. Here is what in the code:
call C function 'SSFENVELOPE'
CALL 'SSF_ABAP_SERVICE' "#EC CI_CCALL
ID 'OPCODE' FIELD SSF_OPCODES-ENVELOPE
ID 'SECTOOLKIT' FIELD SSFTOOLKIT
ID 'STRFORMAT' FIELD STR_FORMAT
ID 'STRFORMATL' FIELD STR_FORMAT_L
ID 'BINENC' FIELD B_INENC
ID 'IOSPEC' FIELD IO_SPEC
ID 'OSTRINPUTDATAL' FIELD OSTR_INPUT_DATA_L
ID 'STRPAB' FIELD STR_PAB
ID 'STRPABL' FIELD STR_PAB_L
ID 'STRPABPASSWORD' FIELD STR_PAB_PASSWORD
ID 'STRPABPASSWORDL' FIELD STR_PAB_PASSWORD_L
ID 'OSTRENVELOPEDDATAL' FIELD OSTR_ENVELOPED_DATA_L
ID 'CRC' FIELD CRC
ID 'OSTRINPUTDATA' FIELD OSTR_INPUT_DATA-SYS
ID 'RECIPIENTLIST' FIELD RCPTAB-SYS
ID 'OSTRENVELOPEDDATA' FIELD OSTR_ENVELOPED_DATA-SYS
ID 'STRSYMENCRALG' FIELD STR_SYM_ENCR_ALG
ID 'STRSYMENCRALGL' FIELD STR_SYM_ENCR_ALG_L.Vivek,
While it may be technically possible to accomplish what you are suggesting (leveraging the encryption functionality provided by your third-party server) I would recommend strongly that you consider a token-based solution instead. You can learn more about tokenization on this [blog|/people/eric.bushman4/blog/2009/01/02/tokenization-as-a-means-of-securing-credit-card-numbers ].
There are many reasons why a token-based solution is superior to using application specific encryption (as outlined in the blog), but specifically in the case you describe where an SAP CRM and SAP R/3 are involved there is one specific reason to consider:
When order data is replicated between SAP CRM and SAP R/3 the systems will attempt to decrypt the credit card numbers prior to passing the data and therefore the RAW card number will be stored in the middleware logs. This is especially true when using SAP's native credit card encryption logic in the CRM and R/3-ECC applications.
For example, let's say a user enters a credit card as the form of payment during Order Creation in CRM. At Order Save the system will send the credit card information to your third-party server for an authorization attempt and the results will be returned to CRM. As the Order is saved and committed to the CRM database the standard SAP encryption functionality can be leveraged to encrypt the card data. Based on your middleware configuration, eventually the Order data (including the credit card details) will be sent to the R/3 or ECC system. In order to do so the CRM system will first decrypt the card number meaning that the CRM middleware logs will contain RAW card numbers. When the Order is created in R/3 or ECC the native credit card encryption functionality in R/3 or ECC could be used to encrypt the card number prior to the Order being stored in the database.
Should you choose to use a third-party server you may find, depending on how the third-party vendor's logic works in SAP, that you must utilize a BADI to decrypt the card number in CRM so that the CRM middleware has a RAW card and so that when the Orders is saved in the R/3 or ECC system it can be encrypted again with the third-party vendor solution. In either case the RAW card number is present in all systems for some period of time and potentially stored in logs thus exposing your systems to risk and greater PCI audit scrutiny.
Eric Bushman
VP, Solutions Engineering
[Paymetric|https://www.paymetric.com] -
Credit card encryption not working
Hi CRM - Payment card experts,
We have a issue, where in the CRM is interfaced with Paymetric for credit card processing. As per the design, the credit card encryption should work. But, i see no encryption happening in the crm order.
Please suggest, where could be the problem.
Thanks.
Regards,
PhanirajHi,
Can you please be more specific with your problem.
Can you please let us know where exaclty you are doing the card number encryption(BAPI/BADI/RFC/FM).
Please let us know if you are calling some third party for doing this encryption.
If you are doing the encryption internally(not calling any external third party) than you can check by debugging whether your encryption code is getting called or not,
If its a third party validation/encryption than check for the rfc connections.
If you want to write the new logic for encryption than write it in the same place where card number validation(Luhn's formula credit card validation) code is written.
Regards,
Arshi
Edited by: Arshi Arshi on Jun 15, 2009 9:38 AM
Edited by: Arshi Arshi on Jun 15, 2009 9:42 AM -
Credit Card Encryption & System Copy
Hi All,
We have done a system copy from PRD back to QA (credit card encryption is activated on both servers). The customer would like to be able to read the PRD data including the credit card details but of course the QA system can only de-crypt its own data and not the PRD data. Is there a way of de-crypting the PRD data that is already within QA and then re-encrypt using QA key?
I didn't set up the original encryption so I am learning about this as I go.
Thanks.>
Natalie wrote:
> Well, I have advised this to my customer, but at the end of the day the customer owns the system and he wants to be able to see the Productive data in the QA system.
Well, the upper management of this customer is finally (legally) responsible to ensure that access to this sensitive data is controlled and restricted (no matter where it is stored - if the data is replicated then all storages need to be protected with the same strong mechanisms).
Usually access to non-productive systems is much easier (less restrictive). So, the customer is taking quite a huge risk that this sensitive data might be less protected than (legally) required.
Aside of legal consequences the loss of trust / reputation might impose an even higher (business) risk. I would consider twice ... (but I'm not the CEO nor the CIO of that customer) ...
PS: for your own protection I'd strongly recommend that you inform the customer on those risks (in written form) and let him sign-off that you've warned him ... (otherwise you might be kept liable as well - if being engaged as adviser / consultant). -
Credit Card Encryption Question
Question from my customer (on EBS 11i):
I have a question about the Visa VCF 4 Transaction Loader. We are working
on automating this process and have installed a secured storage area to
hold the file. It is my understanding that the bank is going to send us an
encrypted file.
Is the Visa VCF 4 Transaction Loader can process a PGP encrypted file?
Your help is appreciated - thanks!The answer is that you do not store the ciphertext in the card number field. You create a reference number which is 25 bytes long that substitutes for the card number, and is stored in the card number field. The reference number, in turn, is also stored in a custom table with the ciphertext. The reference number is a unique key to that table.
You then create translation routines to encrypt/decrypt the ciphertext based on the reference number that you stored. These routines would be passed the card number field, which contains the reference number. The input parameter list for these routines are standard. The routines that do the encryption/decryption are configured to be called at the appropriate times.
- Brendan -
Credit card encryption in table BUT0CC & CCARD
Hi,
We are on SAP IS-UT release 604. We are capturing Customer credit card information at business partner level (FPP2). The credit card information is displayed as masked on the BP screens. However this is not stored as encrypted in underlying SAP tables BUT0CC and CCARD.
Can you please let me know how it is possible to store encrypted card in these tables?
Thanks
ShadabShadab,
there are various notes available explaining how to encrypt data in SAP: e.g. 662340, 842087, 836079, ...
You migh also check-out the IMG activity SPRO -> Cross Application Components -> Payment Cards ->
Basic Settings -> Maintain Payment Card Type -> "Encryption" (Flag)
Cheers,
Fritz -
Credit Card Encryption - executing tcode SSFA
Hi all,
I have searched SDN and various other site for information on what the correct sequence is to execute the tcode SSFA. We have applied the OSS Note 66462 requirements (see below) but cannot figure out how to execute step 5 - can anyone please give any advice?
To activate encryption, your system must meet the following requirements:
1. For Release 4.6C, you must import Support Package SAPKH46C46 and
2. Kernel 4.6D must have patch level 1329 (see Note 565111).
3. For Release 470, you must import Support Package SAPKH47022.
4. For Release ERP 500, you must import Support Package SAPKH50007.
5. Download and install SAPCRYPTOLIB (see Note 662340). You must use the CCARD application when you use Transaction SSFA to set up encryption.
For what it is worth - we are on 4.6C and AFS3.0BThe Basis and Security people got this done
-
Is there any off the shelf credit card enryption/decrption tool available ?
Since, Credit Card (CC) processing is very critical , my company is looking for options which are available in the market -ready to use !!!
Is there any off the shelf credit card enryption/decrption tool available ?What is "credit card encryption/decryption"?
1) Are you willing to encrypt and decrypt credit card numbers in a safe way, to store them in a database?
- JCE and crypto
2) Are you willing to communicate with the credit card companies to perform credit card transactions in a safe way?
- Contact them; there are third-party companies that sell solutions for communicating with Visa, Mastercard etc; the credit card company can tell you what company they recommend
3) Are you trying to validate the credit card numbers (no online processing needed, just validate the card numbers in Javascript)
- search for Luhn's algorithm -
Credit Card Payment at time of SO creation - Basic questions
Most of our customers pay by credit card at the time of Sales order creation. (80% of times)
Now sometimes they pickup the order at the same time and sometimes we follow the normal delivery process and ship material to them.
Now we are not sure what document type or process flow will fit this process.
Should we be using two different document types/ process to meet this requirement.
Thought of using standard order type but then as they have already paid at the time of order creation we Dont want to send Invoice at Billing stage
Shall we use Rush order or cash order for our requirement. (But they dont pickup material all the time, sometime we ship)
Also if we maintain credit card information at Customer Master level, will it flow down to sales order and Biiling process.
Thanks in advance.Jeet,
I have worked with over 350 SAP customers over the last 14 years who have implemented the SAP Payment Card Processing business logic. The majority of them use an integrated solution so that SAP submits the Authorization requests through SAP's Cross Application Payment Card Interface (CA-PCI) during Sales Order Save. Some of them use external devices\applications to perform the Authorizations outside of SAP and simply use the SAP business logic to record those transactions.
I would recommend you consider continuing to use the SAP Payment Card Processing business logic with your external Authorization process so that you can take advantage of the GL posting automation that SAP performs when an Invoice is posted to Accounting. Namely that SAP will CREDIT the Customer AR account and DEBIT the Credit Card Receivable account for the card type used. This is of great benefit to the Merchant because it eliminates the need for someone to MANUALLY post the payments to clear the open items on the Customer AR account once the Settlement deposit is received.
Another advantage is that, when researching customer orders in SAP, you'll be able to see the card details that were used for payment. Just be certain to activate SAP's credit card encryption logic or use a third-party Tokenization solution to secure the data.
Eric Bushman
[www.paymetric.com|http://www.paymetric.com] -
How to see masked Credit Card number in Sales Order !!
Hi,
In our SAP system credit card enceryption is activated. Certain users want to see the credit card number in the sales order change/display screen.We are in SAP ECC 6.0.
Please let me know how we can achieve this.
Thanks
AmbujDear Ambuj,
There is no possibility to view the credit card number unmasked in the sales order. You will always get the masked number even if you have C4 authorisation ('C4' action for the V_VBAK_AAT authorisation object). You can view the unmasked credit card number in transaction XD02/XD03.
If you use BAPISDORDER_GETDETAILEDLIST to view the order then the C4 authorisation will be checked and the unmasked number will be displayed (if the user has this authorisation).
If you have access to OSS notes then please check 836079 (FAQ: Credit card encryption and master data) and 766703 (FAQ: Credit card encryption in R/3 systems).
I hope this helps.
Best regards,
Ian Kehoe. -
API for decrypt the encrypted credit card details
Hi Friends,
Is there any PLSQL API for decrypt the encrypted credit card detail in oracle application R12.
Thanks,First, to prevent this from happening again, turn off "In App purchases" in the Restrictions settings on your iPad. You may also want to turn off the ability to install apps, to prevent purchases in case the child gets hold of your iTunes Store account information, and set the password to be required immediately. For more information, see:
http://support.apple.com/kb/HT4213
As to a refund, that's not automatic since the terms of sale for the iTunes Store state that all sales are final. You can contact the iTunes Store, explain the reason for your request, and ask, though:
http://www.apple.com/support/itunes/contact.html
They're usually pretty lenient in the case of inadvertent purchases by children. No guarantees, though, just as if your child was in a store and ate a bunch of food (in other words, something that can't just be returned).
Good luck. -
Need to decrypt credit card number
Hi Team,
Payments BC has field called Account Number (CC_NUM), it stores encrypted value in database.
Is there any program to get it from database and decrypt it to send external system?
Regards,
Sankar.PHi,
This may not be a proper answer to your question but it works for your requirement.
Store Credit card number to some other column before encrypting then send that to external system.
Thanks,
Ram. -
Bank Account number encryption similar to Credit card
Hi All,
Standard SAP supports the encryption of credit card in ECC and CRM but not for bank account details. Does anyone have experience in implementing/enhance the program to encrypt/decrypt bank account number or bank key?
Cheers
VinodAny comments please?
-
Credit Card Number Encryption Feature in SAP
Hi,
I am interfacing between legacy system and SAP(probably through BAPI). The Credit card master table is VCNUM.
The requirement is to have the Credit card number in the encrypted form. Does SAP has any feature that supports encryption feature?
Please do reply with valuable suggestions.
Thanks & Regards,
RajeshHi,
You can refer to below <b>threads</b>:
Encryption / Decryption of Credit Card Number
Re: Password encryption in SAP
Re: Information regarding encryption.
Hope you find your solution here.
Reward points for useful answers
Rgds, -
Encrypt Credit card data - table level
Hi Team,
We want to encrypt the credit card data, please let me know how to do this.
We want to encrypt the data at the table level so that the specific column cannot be viewed by others and also encrypting the column at the OS level.
11i Version:
Database: 10.2.0.5.0
Apps: 11.5.10.2
Thanks,Hi;
1. Check what Shree has been posted
2. If those note are not help you can try to use Scrambling- Data masking,see
Re: How to prevent DBA from Seeing salary data
3. If even its not help than rise SR ;)
PS:Please dont forget to change thread status to answered if it possible when u belive your thread has been answered, it pretend to lose time of other forums user while they are searching open question which is not answered,thanks for understanding
Regard
Helios
Maybe you are looking for
-
How can I open the EP login page in the same pop-up window?
is it possible for me to using / only one window(Browser) pop-up to EP Page(Login or iView...). In the firs general html page I create a EP login page link action[eg. "window.open('url', 'target_name')"], but always launching new pop-up window(Browse
-
How do I add an additional monitor on iMac 27" 3.06?
How do I add an additional monitor on iMac 27" 3.06? This is a 2012 vintage iMac without an auxiliary monitor terminal.
-
Upconvertion from labview 5.1 to 2012 (Composed RAR File)
Could anyone please upconvert this softwares from Labview 5.1 to a version which can be opened on Labview 2012? Here I had to create a composed ZIP file with 3 parts to be able to upload within the upload size limit. The forum doesn't accept RAR at a
-
Just installed 10.4. and lost 'process viewer' -
what, where, how do I use to see system processes? thanks
-
LMS 3.2 netconfig poor performance
We are seeing timeouts, commands skipping, error message "command authorization failed' , and running very slow while running netconfig ad-hoc commands on 3750's It seems that many of the problems occur with the interface range command. We have aaa r