Whenever we are using a credit card number in WCS the first 12 characters of the card number are getting hidden when transferred to SAP for Inventory processing. Is there any way to not encrypt the credit card number so that the entire 16 digit number is passed to SAP? Also, where these data stored in db?
This topic has been locked.
2 replies Latest Post - 2013-02-04T11:28:18Z by LindyHopper
Pinned topic Credit card number encryption
Answered question This question has been answered.
Unanswered question This question has not been answered yet.
Updated on 2013-02-04T11:28:18Z at 2013-02-04T11:28:18Z by LindyHopper
Raj.S 270002PCH7427 PostsACCEPTED ANSWER
Re: Credit card number encryption2013-01-30T05:45:39Z in response to SystemAdminHi,
You will have to exclude the keyword "account" from getting masked, which can be done in PaymentSystemPluginMapping.xml. The below link would help you with granular details.
Please make sure your application is complaint to PCI regulations before making any such changes to the sensitive data.
Reference : http://pic.dhe.ibm.com/infocenter/wchelp/v7r0m0/topic/com.ibm.commerce.pci.doc/concepts/csepcioverview.htm
LindyHopper 2700050MFM17 PostsACCEPTED ANSWER
Re: Credit card number encryption2013-02-04T11:28:18Z in response to Raj.SI'd have thought turning off encryption in that manner would be deeply unwise.
Instead I would suggest, decrypting the ACCOUNT value using WCS decryption and immediately re-encrypt it using a shared key with the SAP system, so it remains securely encrypted throughout the transfer. Data in ORDPAYINFO is encrypted using the merchant key etc and can be decrypted in the same way.
I feel sure that sending an unencrypted credit card number between systems would not be PCI compliant, leaving the company open to massive fines if data gets leaked.