Topic
  • 5 replies
  • Latest Post - ‏2015-06-30T12:16:46Z by Fathi Hindi
SystemAdmin
8614 Posts

Pinned topic Credit card number encryption

‏2013-01-29T22:42:51Z |
Hi,

Whenever we are using a credit card number in WCS, the first 12 characters of the card number are getting hidden when transferred to SAP for Inventory processing. Is there any way to not encrypt the credit card number so that the entire 16-digit number is passed to SAP? Also, where is this data stored in the DB?
Updated on 2013-02-04T11:28:18Z at 2013-02-04T11:28:18Z by LindyHopper
  • Raj.S
    524 Posts

    Re: Credit card number encryption

    ‏2013-01-30T05:45:39Z  
    Hi,

    You will have to exclude the keyword "account" from getting masked, which can be done in PaymentSystemPluginMapping.xml. The below link would help you with granular details.

    http://pic.dhe.ibm.com/infocenter/wchelp/v7r0m0/topic/com.ibm.commerce.payments.events.doc/refs/rppppcmapper.htm
    Please make sure your application is compliant with PCI regulations before making any such changes to the sensitive data.

    Reference : http://pic.dhe.ibm.com/infocenter/wchelp/v7r0m0/topic/com.ibm.commerce.pci.doc/concepts/csepcioverview.htm
    Rgds,Raj.
  • LindyHopper
    18 Posts

    Re: Credit card number encryption

    ‏2013-02-04T11:28:18Z  
    I'd have thought turning off encryption in that manner would be deeply unwise.

    Instead I would suggest decrypting the ACCOUNT value using WCS decryption and immediately re-encrypting it using a shared key with the SAP system, so it remains securely encrypted throughout the transfer. Data in ORDPAYINFO is encrypted using the merchant key etc. and can be decrypted in the same way.

    I feel sure that sending an unencrypted credit card number between systems would not be PCI compliant, leaving the company open to massive fines if data gets leaked.

    Regards.
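
The re-encryption approach suggested in the reply above, as an added example that is not part of the original thread and is not WebSphere Commerce or SAP code. It assumes the plaintext card number has already been obtained through the platform's own decryption and that a 256-bit AES key has been provisioned to both systems; the class name, method names and the order id used as associated data are hypothetical.

```java
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Base64;

public class PanTransferEnvelope {              // hypothetical name
    private static final int IV_LEN = 12, TAG_BITS = 128;
    private static final SecureRandom RNG = new SecureRandom();

    // Sender side: AES-256-GCM with a fresh IV per message. The order id is
    // bound as associated data, so a ciphertext copied onto another order
    // fails authentication on the receiving side.
    static String seal(SecretKey sharedKey, String pan, String orderId) throws Exception {
        byte[] iv = new byte[IV_LEN];
        RNG.nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, sharedKey, new GCMParameterSpec(TAG_BITS, iv));
        c.updateAAD(orderId.getBytes(StandardCharsets.UTF_8));
        byte[] ct = c.doFinal(pan.getBytes(StandardCharsets.UTF_8));
        return Base64.getEncoder().encodeToString(
            ByteBuffer.allocate(IV_LEN + ct.length).put(iv).put(ct).array());
    }

    // Receiver side: envelope layout is IV || ciphertext || tag, Base64-encoded.
    static String open(SecretKey sharedKey, String envelope, String orderId) throws Exception {
        byte[] in = Base64.getDecoder().decode(envelope);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, sharedKey, new GCMParameterSpec(TAG_BITS, in, 0, IV_LEN));
        c.updateAAD(orderId.getBytes(StandardCharsets.UTF_8));
        return new String(c.doFinal(in, IV_LEN, in.length - IV_LEN), StandardCharsets.UTF_8);
    }

    // Logs keep the same shape the thread describes: first 12 characters hidden.
    static String maskForLog(String pan) {
        return "*".repeat(pan.length() - 4) + pan.substring(pan.length() - 4);
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey shared = kg.generateKey();   // stand-in for the provisioned shared key
        String pan = "4111111111111111";       // constructed test number, not real data
        String env = seal(shared, pan, "ORDER-1001");
        System.out.println(maskForLog(pan) + " -> " + env);
        System.out.println("round trip ok: " + open(shared, env, "ORDER-1001").equals(pan));
        try { open(shared, env, "ORDER-9999"); } catch (javax.crypto.AEADBadTagException e) { System.out.println("rejected: wrong order id"); }
    }
}
```

It needs Java 11 or later for `String.repeat`; in production the shared key would come from a key store or HSM rather than being generated in `main`.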
  • Techie_wcs
    27 Posts

    Re: Credit card number encryption

    ‏2015-06-02T22:59:50Z  
    Do you know what the object is where the encrypted/encrypted value can be set? ComposeTransferOrderCmdImpl may be the right class, but I don't know which object to set.

  • LindyHopper
    18 Posts

    Re: Credit card number encryption

    ‏2015-06-03T07:50:04Z  

    Sorry. I've no idea. I've never used or heard of ComposeTransferOrderCmdImpl before.

  • Fathi Hindi
    4 Posts

    Re: Credit card number encryption

    ‏2015-06-30T12:16:46Z  

    The data in the ORDPAYINFO table is encrypted using the merchant key, and there is a property in the wc-server.xml configuration file to enable/disable the encryption process.

    MerchantKey="ldavcbajddpascd+xZpJDiK/DbuVqOEE+"
    PDIEncrypt="on/off"

    These two properties are located under the Instance section in wc-server.xml.

    Regards.

    Updated on 2015-06-30T12:17:24Z at 2015-06-30T12:17:24Z by Fathi Hindi