Payment Card Industry Data Security Standards Requirement
We store credit card numbers in our CRM and ERP systems for billing
purposes. We use Delego software for credit card security. We also mask
the credit card numbers during display.
According to our interpretation of section 3 of the Payment Card
Industry (PCI) Data Security Standards, we understand that we can
retain cardholder data only as long as needed for business, legal,
and/or regulatory purposes. According to our compliance policy that
period is 3 years.
Hence we wish to replace all card numbers older than 3 years with dummy
card numbers. Since this requirement is mandated by the PCI-DSS, we
believe SAP should be supplying us means to accomplish this. Are there any programs delivered by SAP to modify card numbers? Has anybody come across such a requirement?
Hi Gina,
Did you find good information about PCI-DSS compliance topics with SAP from this forum? In particular we are looking at options to comply with requirement 11, File Integrity Monitoring.
We would appreciate any guidance.
Thank you, TMM
Similar Messages
-
PCI DSS - Payment Card Industry / Data Security Standard
Hello Guru's;
Has anyone implemented the necessary security around credit cards according to the latest PCI DSS? If so - I'd like to chat about that. It's no longer just encrypting the credit card information, it's much more... Would love to hear good and bad.
Thanks!
GinaHi Gina,
Did you find good information about PCI-DSS compliance topics with SAP from this forum? In particular we are looking at options to comply with requirement 11, File Integrity Monitoring.
We would appreciate any guidance.
Thank you, TMM -
Data Security Standard PCI-DSS - SAP Datacenter
Hello,
one of our prospect asked the following question: Does the SAP Datacenter in Germany fullfill the requirements of PCI-DSS?
It seems that this Standard is related to the Payment Card Processing.
I checked all certifiates but I don´t find any infomation about that Standard.
Best Regards
Andreas CzechHi Gina,
Did you find good information about PCI-DSS compliance topics with SAP from this forum? In particular we are looking at options to comply with requirement 11, File Integrity Monitoring.
We would appreciate any guidance.
Thank you, TMM -
Java card returns data that is required but with 6D00 in SW field
Hi all,
I am new in smart card programming, so I need help.
I am running Eclipse with JCWDE. Trying a simple applet that should return a certain value. I get the value! And I get an 6D00 error code in SW fields. 6D00 means that instruction code is not supported or invalid. My question is how is it possible that instruction code is invalid, but the applet return the data anyway?
You can find the part of the code below:
public void process(APDU apdu) throws ISOException {
byte[] buffer = apdu.getBuffer();
// check SELECT APDU command
if (apdu.isISOInterindustryCLA()) {
if (buffer[ISO7816.OFFSET_INS] == (byte)(0xA4)) {
return;
} else {
ISOException.throwIt (ISO7816.SW_CLA_NOT_SUPPORTED);
// verify the reset of commands have the
// correct CLA byte, which specifies the
// command structure
if (buffer[ISO7816.OFFSET_CLA] != Applet_CLA)
ISOException.throwIt(ISO7816.SW_CLA_NOT_SUPPORTED);
switch (buffer[ISO7816.OFFSET_INS]) {
case 0x04:
sendData(apdu);
default:
ISOException.throwIt(ISO7816.SW_INS_NOT_SUPPORTED);
}the method sendData(APDU apdu) is shown below
private void sendData(APDU apdu){
byte[] buffer = apdu.getBuffer();
short le = apdu.setOutgoing();
if ( le < 4 )
ISOException.throwIt(ISO7816.SW_WRONG_LENGTH);
apdu.setOutgoingLength((byte) 4);
// move the balance data into the APDU buffer
// starting at the offset 0
buffer[0] = dataBack[0];
buffer[1] = dataBack[1];
buffer[2] = dataBack[2];
buffer[3] = dataBack[3];
// send the 2-byte balance at the offset
// 0 in the apdu buffer
apdu.sendBytes((short)0, (short)4);
}the script I run is:
powerup;
// Select the installer applet
0x00 0xA4 0x04 0x00 0x09 0xa0 0x00 0x00 0x00 0x62 0x03 0x01 0x08 0x01 0x7F;
// create FirstStep applet
0x80 0xB8 0x00 0x00 0xd 0xb 0x01 0x02 0x03 0x04 0x05 0x06 0x07 0x08 0x09 0x00 0x02 0x00 0x7F;
// select FirstStep applet
0x00 0xA4 0x04 0x00 0xb 0x01 0x02 0x03 0x04 0x05 0x06 0x07 0x08 0x09 0x00 0x02 0x7F;
// apdu get data
0xB0 0x04 0x00 0x00 0x00 0x04;
powerdown;
the answer I get is:
Received ATR = 0x3b 0xf0 0x11 0x00 0xff 0x00
CLA: 00, INS: a4, P1: 04, P2: 00, Lc: 09, a0, 00, 00, 00, 62, 03, 01, 08, 01, Le: 00, SW1: 90, SW2: 00
CLA: 80, INS: b8, P1: 00, P2: 00, Lc: 0d, 0b, 01, 02, 03, 04, 05, 06, 07, 08, 09, 00, 02, 00, Le: 0b, 01, 02, 03, 04, 05, 06, 07, 08, 09, 00, 02, SW1: 90, SW2: 00
CLA: 00, INS: a4, P1: 04, P2: 00, Lc: 0b, 01, 02, 03, 04, 05, 06, 07, 08, 09, 00, 02, Le: 00, SW1: 90, SW2: 00
CLA: b0, INS: 04, P1: 00, P2: 00, Lc: 00, Le: 04, 9e, 37, 79, b9, SW1: 6d, SW2: 00
Does this error code (6D00) means something else as well?
Edited by: Lyudmila on 2012-jul-09 03:40
Edited by: Lyudmila on 2012-jul-09 03:49>
Does this error code (6D00) means something else as well?
>Hi Lyudmila,
This error code means you should fix a mistake in your source code:
switch (buffer[ISO7816.OFFSET_INS]) {
case 0x04:
sendData(apdu);
return;
default:
ISOException.throwIt(ISO7816.SW_INS_NOT_SUPPORTED);
} -
Unable to update payment cards data through ORDERS05 in va02
Hi all,
I noticed one thing that in IDOC_INPUT_ORDERS (ie creation of sales order) we have a bdcdata populated for payment cards (for header in VA01) .But when we are changing sales order by IDOC_INPUT_ORDCHG (change sales order VA02) we have no bdcdata populated for updating payment cards ( like CCNUM ) though we are passing these details through IDOC.
Can anyone tell me why bdcdata through idoc posting is getting populated in VA01 but not through VA02 . We can change payment card dara manually in VA02 why cant we achieve the same through idoc.
Please help me as updating payment card data through idoc in VA02 is my requirement .
Do i need to populate it by writing code in an exit in IDOC_INPUT_ORDCHG.
Any help is appreciated.
Thanks and Regards
SwetaHi,
Can you please let me know the segment in ORDERS05 Idoc to process the Payment card information and if the standard Function Module can handle the creation of a Sales Order with data for Payment Card.
We have a requirement to map the Tokenized Number of the Credit Card send from a store front end to ECC mapping via SAP-PI.
Thanks in Advance, -
Delivery Block Based on Payment Card validity.
Dear SAP Gurus,
We are working on a scenario, where in we need to block the delivery based on the payment card validity date, which is given in sales order.
The requirement here is, for eg. If a sales order is created during the payment card validity period, usually the partial deliveries referring the same SO. So if the card validity is over before the quantity is fully delivered, system should block the remaining qty for Delivery.
The system is proposing a status block initially while trying to do the delivery, but once the block is released the delivery can be done even after the validity expiry date.
Is there any standard process to block delivery based on Payment card Validity expiry date automatically.
Please advice
Thanks & Regards
PGHi Mr. PG,
Put the payment method as P - Payment card in customer master.
Enter the payemnt card detail in customer master in genral data page.
Use user exit or create a program which check the validty date of payment card and if it is expired then put the delivery block in the customer master.
Hope this helps.
Regards,
MT -
Sales order Table Payment card
HI
In sales order -overview screen sales tab we have
Payment card & Exp.date field Pl let me know in which TABLE-FIELD these data will be storedHi
Please find the tables below
CCDATE---EXDATBI -
Date up to which the payment card is valid.
CCDATA---CCINS -
Specifies the card type of the payment card.
REgards
Damu -
Downloading apps it asks for apple ID Pass then it says "verification required". Then says Security Code required. Doesn't accept code. itunes doesn't accept code from visa card either?Please Help
If it is trying to verify your payment info, I would be willing to guess that it is looking for the security code for your credit card. Did you credit card just get replaced lately or the expiration date change? When is the last time that you updated your payment information in iTunes?
-
SD Payment card deletion in Sales order (Standard fucntion?)
Hi all,
I have this below scenario regarding updating of Payment Card in a sales document (Header level)
Requirement is to need to be able to add/delete a payment card when an cusotmer does it online.
An customized RFC(Z_RFC_1)is called form the outer application RFC is called which internally calls
Z_RFC_1 internally calls SD_SALES_HEADER_MAINTAIN.
Here in SD_SALES_HEADER_MAINTAIN is a structure FXZAKAKOM. Here I am passing
I have the following information to pass.
TYPZM Means of payment for classifying payment card plan lines
CCINS Payment cards: Card type
CCNUM Payment cards: Card number
FKSAF Billing status for the billing plan/invoice plan date
UPDKZ Update indicator
When I send UPDKZ = u2018Iu2019 a payment card is created for that sales order.
Tables: FPLA, FPLT, FPLTC. (Tables for payment card).
Linked to VBAL-RPLNR
But when I wan to delete a card and I send u2018Du2019 in field FXZAKAKOM-UPDKZ (SD_SALES_HEADER_MAINTAIN). It does not work.
After debugging I found that I can delete the payment cards by using function BILLING_SCHEDULE_SAVE. But here the problem is the link in VBAK-RPLNR does not get updated. Hence I have to clear VBAK-RPLNR using a UPDATE statement. (Which is not advised).
Irrespective of the above scenario can any one let me know how a payment card can be deleted from a sales order using a standard function module.
Note: Currently I am using SD_SALES_HEADER_MAINTAIN.
Thanks in advance.
KiranHi manam narayana
Either you need to have a separate sales document type , but with the same sales document type OR ,it is not possible.So if you want to make it mandatory payment card field mandatory then first of all copy document type OR to ZOR . Now use transaction variants using t.code SHD0 and there give document type ZOR and business object as BUS2032.and make the feild payment cards as required .
Now create the sales order using document type ZOR for the customers for whom payment cards should be mandatory.
But with the same document type i think it is not possible.Because if you make this field mandatory it will affect to all customers
Regards
Srinath -
I purchased a macbook pro but couldnt download apps. Facts:
1. I already have an apple ID with my Ipad, which has my old (prepaid) credit card number and security code as payment information
2. I lost my credit card including all info: card number, expiry, security card. I also didnt store it anywhere else and the CC company doesnt have my security code either because it's a prepaid/loadable card (not a real credit card).
3. I purchased a Macbook Pro and tried putting in new payment info. It didnt push through as it was asking me to key in my lost security code number
4. I opened my ipad and it was asking for the same thing bec my apple ID was accessed elsewhere with the attempt to change my payment info.
5. I couldt download and purchase apps because of this, i havent downloaded pertinent software for my new computer.
Could you please help me resolve this problem?
Thank you very much
AnaContact iTunes Customer Service and request assistance with your issue.
Apple Support iTunes Store Contact Us -
Change the Data Type of a Standard Required Field
Hello Experts,
Need to know if is it possible to change the data type of a standard field. The field is marked as a required field.
For example: If a standard field is an Object Picker and I would like to change it to a string field. Is it possible? How can I do it?!
Many thanks,
Igor NakamuraHi Igor,
Since you cannot hide a required field, what you can do is move the standard required field to someplace less noticable (like the bottom of the page) and then use a validation script to set it to some benign value.
-Howie -
Payment card security code?
payment card security code?
It's asking for the 3 digit number on the back of your credit card BUT if your card has a negative balance, it'll keep asking for the code until you have funds available on your card or you enter a new credit card.
NOTE: It'll do this even if you're trying to download a free app.
A few years ago, you could download as much apps as you wanted even if you didn't have the funds. It would realize your card was declined after a few days and then block you from purchasing apps until you entered a card with the funds to pay them for your purchases. Now it's different. -
Payment Card field not required when terms Credit Card is selected
Hi all,
I am trying to make Payment Card fields required when the user selects Credit Card as Payment terms. Right now it allows to save the Sales Order even if there is no credit card number entered, even though the Payment Terms has been selected as Credit Card. I found a note 606494 but it has to do with a component we don't even have installed, so I could not implement it. Did not have any luck searching the forums. Please help!
Thanks,
SergiyCheck the settings -
Set Up Payment Guarantees
Define Forms of Payment Guarantee
Transaction: OVFD
Tables: T691K
Action: R/3 is delivered with form 02 defined for payment cards. Other than the descriptor, the only other entry should be 3 in the column labeled PymtGuaCat
Define Payment Guarantee Procedure
Transaction:
Tables: T691M/T691O
Action: Define a procedure and a description.
Forms of Payment Guarantee and make the following entries Sequential Number 1
Payment Guarantee Form 02
Routine Number 0 Routine Number can be used to validate payment card presence.
Define Customer Payment Guarantee Flag
Transaction:
Tables: T691P
Action: Define a flag to be stored in table.
Create Customer Payment Guarantee = Payment Card Payment Cards (All Customers can use Payment Cards).
Define Sales Document Payment Guarantee Flag
Transaction:
Tables: T691R
Action: Define the flag that will be associated with sales document types that are relevant for payment cards
Assign Sales Document Payment Guarantee Flag
Transaction:
Tables: TVAK
Action: Assign the document flag type the sales documents types that are relevant for payment cards.
Determine Payment Guarantee Procedure
Transaction: OVFJ
Tables: T691U
Action: Combine the Customer flag and the sales document flag to derive the payment guarantee procedure
Payment Card Configuration
Define Card Types
Transaction:
Tables: TVCIN
Action: Create the different card types plus the routine that validates the card for length and prefix (etc )
Visa , Mastercard, American Express, and Discover
Create the following entries for each payment card
AMEX American Express ZCCARD_CHECK_AMEX Month
DC Discover Card ZCCARD_CHECK_DC Month
MC Mastercard ZCCARD_CHECK_MC Month
VISA Visa ZCCARD_CHECK_VISA Month
Regards
Sai -
HT204053 what is security code for payment card
what is itune gift cards code?
Is your payment card a credit card ?
If yes, the security code is the 3 numbers written at the back of your credit card (besides your 16-digit credit card number) -
Can't remember payment card Security Code!
Just gone from aniPhone 4 to iPhone 5.
I can't remembermy Payment Card Security Code andtherefore cannotbuy any new Apps.
Help?Thanks all - I was assuming it was a pin code I had put in and not the Security code on the back of my card -doh!!
Thanks for the help!
Maybe you are looking for
-
How do I move a file to the tones folder?
I'm trying to create a ringtone. The file extention is .m4r. The file will not go in the tones folder. I try to move it and I just get that symbol that's a red circle with a diagonal line through it. I am using iTunes 10.5.2 and Windows 7 pro 64
-
How can I get my old password back?
I need my old password back from my Apple ID
-
How do I find the music I downloaded?
We have a friend who we downloaded music from to our computer. Then we moved it from the computer to the ipod. When we plug the Ipod into the car, we can hear all the music that was downloaded. But when trying to just listen to the Ipod through ear
-
I cannot use Adobe Cloud due to the age limit?
I have just bought an Adobe Cloud Student and Teacher edition subscription and it is saying that I am under the required age limit. I purchased this product due to my understanding that any student from an accredited public school or high school coul
-
Trying to append date information to a PHP subject - formmailer
I'm trying to append date information to a subject. Here's my code so far (doesn't work) $subject[0]='"Note from my web site"." ".$time()'; I would like for the output to be formatted so that the 'Subject' of the resulting email is something like