Pinned topic Credit card number encryption
Whenever we are using a credit card number in WCS the first 12 characters of the card number are getting hidden when transferred to SAP for Inventory processing. Is there any way to not encrypt the credit card number so that the entire 16 digit number is passed to SAP? Also, where these data stored in db?
Raj.S 270002PCH7544 Posts
Re: Credit card number encryption2013-01-30T05:45:39ZThis is the accepted answer. This is the accepted answer.Hi,
You will have to exclude the keyword "account" from getting masked, which can be done in PaymentSystemPluginMapping.xml. The below link would help you with granular details.
Please make sure your application is complaint to PCI regulations before making any such changes to the sensitive data.
Reference : http://pic.dhe.ibm.com/infocenter/wchelp/v7r0m0/topic/com.ibm.commerce.pci.doc/concepts/csepcioverview.htm
LindyHopper 2700050MFM18 Posts
Re: Credit card number encryption2013-02-04T11:28:18ZThis is the accepted answer. This is the accepted answer.
- Raj.S 270002PCH7
Instead I would suggest, decrypting the ACCOUNT value using WCS decryption and immediately re-encrypt it using a shared key with the SAP system, so it remains securely encrypted throughout the transfer. Data in ORDPAYINFO is encrypted using the merchant key etc and can be decrypted in the same way.
I feel sure that sending an unencrypted credit card number between systems would not be PCI compliant, leaving the company open to massive fines if data gets leaked.
Techie_wcs 2700076KV131 Posts
Re: Credit card number encryption2015-06-02T22:59:50ZThis is the accepted answer. This is the accepted answer.
- LindyHopper 2700050MFM
do you know what is object where encrypted/encrypted value can be set ?ComposeTransferOrderCmdImpl may be the right class but don't know which object to set.
Fathi Hindi 310000PFY34 Posts
Re: Credit card number encryption2015-06-30T12:16:46ZThis is the accepted answer. This is the accepted answer.
The data in ORDPAYINFO table is encrypted using the merchant, and there is and property in the wc-server.xml configuration file to enable/disable the encrypted process.
This two property is located under Instance section in wc-server.xml.
Regards.Updated on 2015-06-30T12:17:24Z at 2015-06-30T12:17:24Z by Fathi Hindi