Encrypting payment method details
If you implement encryption, the application encrypts the payment method details such as credit card name, expiration date, and so on, in the following situations:
- When returned by an API
- When published as a part of event data
- When stored anywhere in the database
- When displayed on the user interface (although the user interface may have an option to override this behavior based on user access)
Encrypting payment method details through APIs
Note: It is recommended that payment information entering the system be already tokenized instead of being encrypted.
The application provides the following APIs that enable you to encrypt and decrypt payment method details, assuming that both encryption and decryption algorithms have been implemented by the Encrypter class:
- getEncryptedString() - accepts a string passed to it and returns the string encrypted
- getDecryptedString() - accepts an encrypted string and returns the string decrypted
- getEncryptedCreditCardNumber() - returns an encrypted credit card
numberNote: getEncryptedCreditCardNumber() has been deprecated in Release 9.0. It has been replaced with getEncryptedString().
- getDecryptedCreditCardNumber() - returns the credit card number that had been encrypted using the getEncryptedCreditCardNumber() API
Note: getDecryptedCreditCardNumber() has been deprecated in Release 9.0. It has been replaced with getDecryptedString().
Encrypting payment method details through user exits
The payment method details can be passed to the appropriate user exit. The application provides the following user exits for different payment methods:
Note: Some user exits, such as YFSBeforeCreateOrder and YFSBeforeChangeOrder, have access to the payment method details before they are encrypted in the system.
For detailed information about these user exits, see the Javadoc.