Encrypting payment method details
If you implement encryption, the application encrypts the payment method details, such as credit card name, expiration date, and so on, in the following situations:
- When returned by an API
- When published as a part of event data
- When stored anywhere in the database
- When displayed on the user interface (although the user interface may have an option to override this behavior based on user access)
Encrypting payment method details through APIs
Note: It is recommended that payment information entering the system be already tokenized instead of being encrypted.
The application provides the following APIs that enable you to encrypt and decrypt payment method details, assuming that both encryption and decryption algorithms have been implemented by the Encrypter class:
- getEncryptedString() - accepts a string passed to it and returns the string encrypted
- getDecryptedString() - accepts an encrypted string and returns the string decrypted
- getEncryptedCreditCardNumber() - returns an encrypted credit card number
  Note: getEncryptedCreditCardNumber() has been deprecated in Release 9.0. It has been replaced with getEncryptedString().
- getDecryptedCreditCardNumber() - returns the credit card number that had been encrypted using the getEncryptedCreditCardNumber() API
  Note: getDecryptedCreditCardNumber() has been deprecated in Release 9.0. It has been replaced with getDecryptedString().
Encrypting payment method details through user exits
The payment method details can be passed to the appropriate user exit. The application provides the following user exits for different payment methods:
- YFSCollectionCreditCardUE
- YFSCollectionCustomerAccountUE
- YFSCollectionOthersUE
- YFSCollectionStoredValueCardUE
- YFSValidateInvokedCollectionUE
Note: Some user exits, such as YFSBeforeCreateOrder and YFSBeforeChangeOrder, have access to the payment method details before they are encrypted in the system.
For detailed information about these user exits, see the Javadoc.