Choosing an encryption and decryption strategy
There are multiple deployment options when choosing an encryption strategy.
- No encryption or decryption
- External tokenization
- Both encryption and decryption
- No decryption
Use the following explanation to guide your decision-making process:
Using no encryption and no decryption
Do not save clear text credit card numbers in the database. However, you may configure encryption in Sterling Selling and Fulfillment Foundation, if:
- Your business does not accept, process, or store credit card numbers or other sensitive information.
- All encryption and decryption is handled externally. The application passes the externally encrypted credit card numbers to other systems. If you enable encryption, strings that are encrypted would be encrypted again.
External tokenization
The Sterling Sensitive Data Capture Server application captures and tokenizes credit card numbers and stored value card numbers.
Using both encryption and decryption
The application encrypts and decrypts credit card numbers automatically as required. However, this strategy is not the recommended encryption strategy.
Using encryption but no decryption
If your business requires Sterling Selling and Fulfillment Foundation to store credit card numbers, but you never want Sterling Selling and Fulfillment Foundation to automatically decrypt them under any circumstances, you may want to enable only the encrypt function and disable the decrypt function.
This way, Sterling Selling and Fulfillment Foundation encrypts the credit card numbers passed in as clear text but never converts them back. Once Sterling Selling and Fulfillment Foundation encrypts the information, all your custom extensions are passed encrypted credit card numbers and must handle decryption externally. It is important to note that a few user exits in Sterling Selling and Fulfillment Foundation (for example, YFSBeforeCreateOrderUE) are invoked before the credit card number is encrypted, so they still have access to the clear text number.
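Because user exits invoked before encryption receive the clear text number, any logging or tracing inside them should work on a redacted copy of the input. The following Java code is an added example, not IBM code and not part of the original page; the class name is hypothetical, and the element name `PaymentMethod` and the attributes `CreditCardNo` and `SvcNo` are assumptions about the order XML that the user exit receives.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

/** Added example: build a redacted copy of an order document for logging. */
public class CardNumberRedactor {
    // Assumed names; adjust to the input XML your user exit actually receives.
    static final String PAYMENT_ELEMENT = "PaymentMethod";
    static final String[] CARD_ATTRS = {"CreditCardNo", "SvcNo"};

    static String stars(int n) { char[] c = new char[n]; Arrays.fill(c, '*'); return new String(c); }

    /** Keep only the last four digits; values with fewer than 8 digits are fully masked. */
    static String mask(String value) {
        String digits = value.replaceAll("\\D", "");
        if (digits.length() < 8) return stars(value.length());
        return stars(digits.length() - 4) + digits.substring(digits.length() - 4);
    }

    /** Returns a new document with card attributes masked; the input is not modified. */
    static Document redactedCopy(Document in, DocumentBuilder builder) {
        Document copy = builder.newDocument();
        copy.appendChild(copy.importNode(in.getDocumentElement(), true));
        NodeList payments = copy.getElementsByTagName(PAYMENT_ELEMENT);
        for (int i = 0; i < payments.getLength(); i++) {
            Element pm = (Element) payments.item(i);
            for (String attr : CARD_ATTRS)
                if (pm.hasAttribute(attr)) pm.setAttribute(attr, mask(pm.getAttribute(attr)));
        }
        return copy;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input with a well-known test card number.
        String xml = "<Order OrderNo=\"T1\"><PaymentMethods>"
                + "<PaymentMethod PaymentType=\"CREDIT_CARD\" CreditCardNo=\"4111111111111111\"/>"
                + "</PaymentMethods></Order>";
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); // reject DTDs
        DocumentBuilder b = f.newDocumentBuilder();
        Document order = b.parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
        Element pm = (Element) redactedCopy(order, b).getElementsByTagName(PAYMENT_ELEMENT).item(0);
        System.out.println(pm.getAttribute("CreditCardNo")); // only the masked value reaches the log
    }
}
```

Log the document returned by `redactedCopy` and pass the original, unmodified document on to the application so that encryption still operates on the real value.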