Credit Card Encryption Question

Question from my customer (on EBS 11i):
I have a question about the Visa VCF 4 Transaction Loader. We are working
on automating this process and have installed a secured storage area to
hold the file. It is my understanding that the bank is going to send us an
encrypted file.
Is the Visa VCF 4 Transaction Loader can process a PGP encrypted file?
Your help is appreciated - thanks!

The answer is that you do not store the ciphertext in the card number field. You create a reference number which is 25 bytes long that substitutes for the card number, and is stored in the card number field. The reference number, in turn, is also stored in a custom table with the ciphertext. The reference number is a unique key to that table.
You then create translation routines to encrypt/decrypt the ciphertext based on the reference number that you stored. These routines would be passed the card number field, which contains the reference number. The input parameter list for these routines are standard. The routines that do the encryption/decryption are configured to be called at the appropriate times.
- Brendan

Similar Messages

  • Credit card encryption not working

    Hi CRM - Payment card experts,
    We have a issue, where in the CRM is interfaced with Paymetric for credit card processing. As per the design, the credit card encryption should work. But, i see no encryption happening in the crm order.
    Please suggest, where could  be the problem.
    Thanks.
    Regards,
    Phaniraj

    Hi,
    Can you please be more specific with your problem.
    Can you please let us know where exaclty you are doing the card number encryption(BAPI/BADI/RFC/FM).
    Please let us know if you are calling some third party for doing this encryption.
    If you are doing the encryption internally(not calling any external third party) than you can check by debugging whether your encryption code is getting called or not,
    If its a third party validation/encryption than check for the rfc connections.
    If you want to write the new logic for encryption than write it in the same place where card number validation(Luhn's formula credit card validation) code is written.
    Regards,
    Arshi
    Edited by: Arshi Arshi on Jun 15, 2009 9:38 AM
    Edited by: Arshi Arshi on Jun 15, 2009 9:42 AM

  • Credit Card Encryption & System Copy

    Hi All,
    We have done a system copy from PRD back to QA (credit card encryption is activated on both servers). The customer would like to be able to read the PRD data including the credit card details but of course the QA system can only de-crypt its own data and not the PRD data. Is there a way of de-crypting the PRD data that is already within QA and then re-encrypt using QA key?
    I didn't set up the original encryption so I am learning about this as I go.
    Thanks.

    >
    Natalie wrote:
    > Well, I have advised this to my customer, but at the end of the day the customer owns the system and he wants to be able to see the Productive data in the QA system.
    Well, the upper management of this customer is finally (legally) responsible to ensure that access to this sensitive data is controlled and restricted (no matter where it is stored - if the data is replicated then all storages need to be protected with the same strong mechanisms).
    Usually access to non-productive systems is much easier (less restrictive). So, the customer is taking quite a huge risk that this sensitive data might be less protected than (legally) required.
    Aside of legal consequences the loss of trust / reputation might impose an even higher (business) risk. I would consider twice ... (but I'm not the CEO nor the CIO of that customer) ...
    PS: for your own protection I'd strongly recommend that you inform the customer on those risks (in written form) and let him sign-off that you've warned him ... (otherwise you might be kept liable as well - if being engaged as adviser / consultant).

  • Credit Card Encryption through RFC calls to third party software

    Dear All,
       I am working on credit card encryption in CRM. At our firm, we have SAP R/3 which is integrated with third party server for performing credit card encryption using RFC calls. We want to perform similar thing in SAP CRM. I was looking into SAP standard mechanism to perform encryption and it seems they use class CL_PCA_SECURITY -> External Encryption to encrypt credit card. Are there any BADIs available for me to change behaviour of this call and call our listeners (for third party server) instead of what standard SAP is calling. Here is what in the code:
    call C function 'SSFENVELOPE'
      CALL 'SSF_ABAP_SERVICE'                                 "#EC CI_CCALL
           ID 'OPCODE'             FIELD   SSF_OPCODES-ENVELOPE
           ID 'SECTOOLKIT'         FIELD   SSFTOOLKIT
           ID 'STRFORMAT'          FIELD   STR_FORMAT
           ID 'STRFORMATL'         FIELD   STR_FORMAT_L
           ID 'BINENC'             FIELD   B_INENC
           ID 'IOSPEC'             FIELD   IO_SPEC
           ID 'OSTRINPUTDATAL'     FIELD   OSTR_INPUT_DATA_L
           ID 'STRPAB'             FIELD   STR_PAB
           ID 'STRPABL'            FIELD   STR_PAB_L
           ID 'STRPABPASSWORD'     FIELD   STR_PAB_PASSWORD
           ID 'STRPABPASSWORDL'    FIELD   STR_PAB_PASSWORD_L
           ID 'OSTRENVELOPEDDATAL' FIELD   OSTR_ENVELOPED_DATA_L
           ID 'CRC'                FIELD   CRC
           ID 'OSTRINPUTDATA'      FIELD   OSTR_INPUT_DATA-SYS
           ID 'RECIPIENTLIST'      FIELD   RCPTAB-SYS
           ID 'OSTRENVELOPEDDATA'  FIELD   OSTR_ENVELOPED_DATA-SYS
           ID 'STRSYMENCRALG'      FIELD   STR_SYM_ENCR_ALG
           ID 'STRSYMENCRALGL'     FIELD   STR_SYM_ENCR_ALG_L.

    Vivek,
    While it may be technically possible to accomplish what you are suggesting (leveraging the encryption functionality provided by your third-party server) I would recommend strongly that you consider a token-based solution instead.  You can learn more about tokenization on this [blog|/people/eric.bushman4/blog/2009/01/02/tokenization-as-a-means-of-securing-credit-card-numbers ].
    There are many reasons why a token-based solution is superior to using application specific encryption (as outlined in the blog), but specifically in the case you describe where an SAP CRM and SAP R/3 are involved there is one specific reason to consider:
    When order data is replicated between SAP CRM and SAP R/3 the systems will attempt to decrypt the credit card numbers prior to passing the data and therefore the RAW card number will be stored in the middleware logs.  This is especially true when using SAP's native credit card encryption logic in the CRM and R/3-ECC applications. 
    For example, let's say a user enters a credit card as the form of payment during Order Creation in CRM.  At Order Save the system will send the credit card information to your third-party server for an authorization attempt and the results will be returned to CRM.  As the Order is saved and committed to the CRM database the standard SAP encryption functionality can be leveraged to encrypt the card data.  Based on your middleware configuration, eventually the Order data (including the credit card details) will be sent to the R/3 or ECC system.  In order to do so the CRM system will first decrypt the card number meaning that the CRM middleware logs will contain RAW card numbers.  When the Order is created in R/3 or ECC the native credit card encryption functionality in R/3 or ECC could be used to encrypt the card number prior to the Order being stored in the database.
    Should you choose to use a third-party server you may find, depending on how the third-party vendor's logic works in SAP, that you must utilize a BADI to decrypt the card number in CRM so that the CRM middleware has a RAW card and so that when the Orders is saved in the R/3 or ECC system it can be encrypted again with the third-party vendor solution.  In either case the RAW card number is present in all systems for some period of time and potentially stored in logs thus exposing your systems to risk and greater PCI audit scrutiny.
    Eric Bushman
    VP, Solutions Engineering
    [Paymetric|https://www.paymetric.com]

  • Credit card encryption-decryption

    We are going in for credit card enryption.Once a credit card is encrypted,can it be decrypted back again?Is there any transaction to do that?
    Jen

    Hi Jennifer
    The link will answer your question
    http://help.sap.com/saphelp_47x200/helpdata/en/68/de611988ac11d194be00a0c92946ae/frameset.htm
    Thanks
    G. Lakshmipathi

  • Credit card encryption in table BUT0CC & CCARD

    Hi,
    We are on SAP IS-UT release 604. We are capturing Customer credit card information at business partner level (FPP2). The credit card information is displayed as masked on the BP screens. However this is not stored as encrypted in underlying SAP tables BUT0CC and CCARD.
    Can you please let me know how it is possible to store encrypted card in these tables?
    Thanks
    Shadab

    Shadab,
    there are various notes available explaining how to encrypt data in SAP:  e.g. 662340, 842087, 836079, ...
    You migh also check-out the IMG activity SPRO -> Cross Application Components -> Payment Cards ->           
    Basic Settings -> Maintain Payment Card Type -> "Encryption" (Flag)
    Cheers,
    Fritz

  • Payment gateway and credit card addon questions

    Folks,
    I'm just getting in to understanding an eCommerce setup for WebTools and am hitting some mental blocks on how the payment gateway and credit card add-ons work together.  I have looked through the material on the portal but haven't been able to nail the flow of control, so any help in understanding this would be much appreciated.
    My understanding so far is that an end user of WebTools may have a collection of credit cards in his/her virtual wallet when placing an order.  When the order is going through checkout, the payment gateway either authorises or denies the order and provides some kind of authorisation token on success.
    Am I right in thinking that the order that goes through to B1 also carries the encrypted information of the credit card details and authorisation id from the gateway?  If so, are these encrypted details stored against the sales order (in the ORDR table in B1?).   
    The sync manager config just says "Certified Add on" for the "B1 CreditCard Addon" .  Does this mean that any certified credit card addon can decrypt these details?  If not, is there a predefined list of addons that work? 
    I am looking at details of the CitiXSys credit card add-on to see if that can work, but their credit card setup is at a business partner level, not at a per-user level like WebTools, so I can't see how data can be synced.  In fact, in addons that do work with WebTools, are credit card details (i.e. the list of credit cards in a users wallet) sync'd between the systems so that orders can be placed either directly in B1 OR through webtools?
    Finally - we are looking at an eCommerce implementation in Australia.  Has anyone completed an implementation here and can let us know a combination of payment gateway provider and credit card addon that works in Australia?
    thanks,
    Murray.

    Check out Verisign/PayPal/Pay Flow Pro, I believe they have a Gateway available in AUS.
    As far as the flow, the encrypted CC data is stored on the order, and right now there are a few Addons that can decrypt the data, the most popular being CitiXsys's solution(previously American Express)
    In addition to the CC number and expiration date, the AuthCode granted by the CC Gateway is also stored.
    Web tools does a minimal CC Number check before going to the CC Gateway as well, done on the Billing.aspx page, saving charges on the CC Gateway for card numbers that aren't even close to correct(such as 111 for a Visa card)
    The verify.aspx page sends data to the CC Gateway provider setup in the Admin - Setup - Credit Card Gateway, then either is returned an error message or if successful then moves to the confirm.aspx page.
    The data is then synched along with the order to B1, if so chosen in the synchmanager, in encypted format.
    There is also the option of using the CC Gateway's website to do the capture as well. This means you manually generate a payment in B1 of couse.

  • Credit Card Info Question

    When you enter your credit card information to purchase an app, how long does it stay in the system?  Can you erase it?

    Credit card information is saved when you purchase an app, consequently until you manually change that or decide to remove your card. Apple and iTunes do not keep personal information such as credit and billing info. If you are really concerned, then cancel the card or wait until the expiration is up as you won't be able to use it

  • Please help with credit card hold question

    I just recently made my own apple id and i would like to know if apps i download will show up, by name, on the credit card hold. I want to download a free app without my parents knowing. My email is associated with the id. Please help.

    cherryqueen2 wrote:
    i had the same problem asked my company they had no answer so now what??
    No answer, what nothing at all? Surely they confirmed that you have the correct number or if it was not, they offered to supply you with a replacement card, with new security code.
    And if you have confirmed with your credit card company that the number you are using is correct, but iTunes doesn't recognise it, I'd say that was down to the credit card company and iTunes to sort it out, not you.
    It's immaterial that you were purchsing free app, you still need a valid credit card.
    Phil

  • Credit Card Encryption - executing tcode SSFA

    Hi all,
    I have searched SDN and various other site for information on what the correct sequence is to execute the tcode SSFA.  We have applied the OSS Note 66462 requirements (see below) but cannot figure out how to execute step 5 - can anyone please give any advice?
    To activate encryption, your system must meet the following requirements:
    1. For Release 4.6C, you must import Support Package SAPKH46C46 and
    2. Kernel 4.6D must have patch level 1329 (see Note 565111).
    3. For Release 470, you must import Support Package SAPKH47022.
    4. For Release ERP 500, you must import Support Package SAPKH50007.
    5. Download and install SAPCRYPTOLIB (see Note 662340). You must use the CCARD application when you use Transaction SSFA to set up encryption.
    For what it is worth - we are on 4.6C and AFS3.0B

    The Basis and Security people got this done

  • Credit Card Payment at time of SO creation - Basic questions

    Most of our customers pay by credit card at the time of Sales order creation. (80% of times)
    Now sometimes they pickup the order at the same time and sometimes we follow the normal delivery process and ship material to them.
    Now we are not sure what document type or process flow will fit this process.
    Should we be using two different document types/ process to meet this requirement.
    Thought of using standard order type but then as they have already paid at the time of order creation we Dont want to send Invoice at Billing stage
    Shall we use Rush order or cash order for our requirement. (But they dont pickup material all the time, sometime we ship)
    Also if we maintain credit card information at Customer Master level, will it flow down to sales order and Biiling process.
    Thanks in advance.

    Jeet,
    I have worked with over 350 SAP customers over the last 14 years who have implemented the SAP Payment Card Processing business logic.  The majority of them use an integrated solution so that SAP submits the Authorization requests through SAP's Cross Application Payment Card Interface (CA-PCI) during Sales Order Save.  Some of them use external devices\applications to perform the Authorizations outside of SAP and simply use the SAP business logic to record those transactions.
    I would recommend you consider continuing to use the SAP Payment Card Processing business logic with your external Authorization process so that you can take advantage of the GL posting automation that SAP performs when an Invoice is posted to Accounting.  Namely that SAP will CREDIT the Customer AR account and DEBIT the Credit Card Receivable account for the card type used.  This is of great benefit to the Merchant because it eliminates the need for someone to MANUALLY post the payments to clear the open items on the Customer AR account once the Settlement deposit is received.
    Another advantage is that, when researching customer orders in SAP, you'll be able to see the card details that were used for payment.  Just be certain to activate SAP's credit card encryption logic or use a third-party Tokenization solution to secure the data.
    Eric Bushman
    [www.paymetric.com|http://www.paymetric.com]

  • SAP 4.7 Encryption questions

    Dear SAP on i5 community,
    We are running SAP 4.7 and i5 OS 5.3.0 and have the following questions about how encryption works;
    Encryption questions
    1. How do we determine precisely what encryption algorithm is used to encrypt credit card data in our R/3 system?
    2. How are the encryption keys for this algorithm generated or provided?
    3. How and where are encryption keys for this algorithm are managed?
    4. Is there a way to change the encryption keys?
    We look forward to your replies...Thank you!
    TMM

    Hello Tim,
    You could take a look at the following blog and the Notes refered.
    Enable Credit Card Encryption
    If I am not mistaken...
    1. Decided by SAP already
    2. You generate the keys through SAP transactions (details in Notes and blog)
    3. Keys are saved in a file on the OS level (make sure it is safe)
    4. Yes, you can. But all the previous credit cards will be lost.
    Hope it helps.
    Best regards,
    Victor

  • How to see masked Credit Card number in Sales Order !!

    Hi,
    In our SAP system credit card enceryption is activated. Certain users want to see the credit card number in the sales order change/display screen.We are in SAP ECC 6.0.
    Please let me know how we can achieve this.
    Thanks
    Ambuj

    Dear Ambuj,
    There is no possibility to view the credit card number unmasked in the sales order. You will always get the masked number even if you have C4 authorisation ('C4' action for the V_VBAK_AAT authorisation object). You can view the unmasked credit card number in transaction XD02/XD03.
    If you use BAPISDORDER_GETDETAILEDLIST to view the order then the C4 authorisation will be checked and the unmasked number will be displayed (if the user has this authorisation).
    If you have access to OSS notes then please check 836079 (FAQ: Credit card encryption and master data) and 766703 (FAQ: Credit card encryption in R/3 systems).
    I hope this helps.
    Best regards,
    Ian Kehoe.

  • Can I switch credit cards and upgrade from the "Basic 30 day opt out trial" to the full version?

    It seems the free trial does not allow me to create an HTML web form.  To test the HTML web forms I must pay $0.99 for the 30 opt-out trial...
    I want to test an HTML web form on FormsCentral for a few weeks to "kick the tires".  But I work for a City government that requires leaping through bureauracratic hurdles to purchase online with a credit card.
    So I am considering using my own personal credit card for the trial, and then opting-out. 
    If my testing goes well and once I get the purchase requisition processed by the City bean counters, I plan to re-enroll using the City P-Card as the credit card.
    Question:
    Can I save the HTML web forms created during the 30 day opt-out trial and somehow transfer them into the new Employer funded FormsCentral account?  Or can I somehow reinstate the original account I opted out of, and apply a different credit card for that account?

    Hi;
    I'll do my best to answer your questions.
    First, the "Free" Formscentral account does allow you to create HTML web forms, that is the basis of the product and the Free level account gives you most of the HTML forms creation tools to explore.  This page goes into more detail of what you get with the Free versus paid plans:  https://www.acrobat.com/formscentral/en/features/compare-plans.html
    I'd recommend kicking the tires in the Free account and exploring the list of features you'd get by upgrading.
    If you sign up for a "Basic 30 day opt out trial" you should be able to manage your account/subscription information here:
    ) Go to https://www.adobe.com/account/my-products-services.html#MyServicesHeader
    ) Sign in using the AdobeID for your account
    ) On this page you should see your FormsCentral subscription listed and it will show how long until it expires and allow you to manage the account and billing information there.
    If for whatever reason you needed to create a new account after approval from the bean counters you could share any forms that you created in the original account with the new account and then "Duplicate" the forms, you would lose the original URL to the form (each form would get a new URL when they were duplicated) but the form would be identical and you can duplicate with the responses.  Another option is to "Export design file" from the first account and then import that into the new account.
    I hope that answers your questions, feel free to ask follow up.
    Thanks,
    Josh

  • Online Credit Cards....

    Hi, I would like firstly say that I am unable to buy Apps, the reason being my country which is Trinidad, capital Port of Spain is not located in the list Apple has provided in the billing address for the credit cards, the question I have is how can I buy apps if i am unable to enter my credit card information?

    I m Satheesh from India.Currently I m working in
    Banking Domain.I want to do the following problem.But
    I dont have any idea abt that.I'm pretty sure you have many co-workers that can help you.
    Sorry, but we're not here to do your job and design a whole application for you.

Maybe you are looking for

  • How can I store received email in a folder on my iPad *

    How can I store received email in a folder on my iPad * I am trying to save certain messages on my iPad but don't know how to make a folder with email!

  • Preview do not work well

    Recently I've noted that PDFs downloaded from my suppliers (water, phone, electricity-) lose the text but not images if opened with Preview. When opened with Acrobat Reader the docs looks correctly. Is there anybody that can help me? Thanks a lot.

  • My ON OFF button

    My ON OFF button on the phone does not work. And my phone is warranted. What should I do?

  • OLEDB Syntax error INSERT INTO in DAL

    hi guys im having problems with my DAL in my school project before im starting new one maybe you can help me using System; using System.Collections.Generic; using System.Linq; using System.Web; using System.Data; using System.Data.OleDb; public class

  • So many problems after downloading verizon internet suite!!

    After downloading the verizon internet suite , i am having some major issues with my computer that i have never had in the 3 years that i have had it. Actually , i have never had problems with my computer or any of the anti spyware and anti virus pro