https://community.sap.com/t5/questions-about-sap-websites/encrypted-payment-card-numbers/qaa-p/825395#M7442 <HTML><HEAD></HEAD><BODY><P>See OSS note 662340 on installing SAPCryptolib to enable card enryption. Also, see notes 766703 and 633462. Installation of cryptolib and the keys on a distributed landscape can be tricky.</P><P></P><P>Once you activate card enryption, SAP should encrypt/decrypt automatically throughout the system.</P></BODY></HTML> Fri, 14 Oct 2005 19:46:05 GMT Former Member 2005-10-14T19:46:05Z https://community.sap.com/t5/questions-about-sap-websites/encrypted-payment-card-numbers/qaq-p/825392 <HTML><HEAD></HEAD><BODY><P>Hello. I have a question about implementating database encryption for stored credit card numbers in R3 (Rel. 45B).</P><P></P><P>We have a consultant coming in the next week to help with the config. If I am understanding the flow, the encryption and decryption can be done via function calls at different times (I am assuming via user exits) in the processing.</P><P></P><P>My question is this:</P><P></P><P>If I encrypt the data, where is the encrypted value (which is much longer than the unencrypted credit card number field) to be stored? Is there a separate field used for storing the value? How long is that field?</P><P></P><P>Any feedback would be appreciated, as I am trying to do a little prep work before the consultant arrives.</P><P></P><P>Thank you.</P></BODY></HTML> Tue, 31 Aug 2004 15:42:05 GMT https://community.sap.com/t5/questions-about-sap-websites/encrypted-payment-card-numbers/qaq-p/825392 Former Member 2004-08-31T15:42:05Z https://community.sap.com/t5/questions-about-sap-websites/encrypted-payment-card-numbers/qaa-p/825393#M7440 <HTML><HEAD></HEAD><BODY><P>The answer is that you do not store the ciphertext in the card number field. You create a reference number which is 25 bytes long that substitutes for the card number, and is stored in the card number field. The reference number, in turn, is also stored in a custom table with the ciphertext. The reference number is a unique key to that table. </P><P></P><P>You then create translation routines to encrypt/decrypt the ciphertext based on the reference number that you stored. These routines would be passed the card number field, which contains the reference number. The input parameter list for these routines are standard. The routines that do the encryption/decryption are configured to be called at the appropriate times.</P><P></P><P>- Brendan</P></BODY></HTML> Mon, 27 Sep 2004 15:59:45 GMT https://community.sap.com/t5/questions-about-sap-websites/encrypted-payment-card-numbers/qaa-p/825393#M7440 Former Member 2004-09-27T15:59:45Z https://community.sap.com/t5/questions-about-sap-websites/encrypted-payment-card-numbers/qaa-p/825394#M7441 <HTML><HEAD></HEAD><BODY><P>What are the SAP functions that you call to encrypt and decrypt the card numbers? </P><P></P><P>If the fields you want to encrypt are standard SAP fields through SAP's standard transactions, did you have to modify SAP code or did you use user exits?</P></BODY></HTML> Thu, 30 Jun 2005 10:47:59 GMT https://community.sap.com/t5/questions-about-sap-websites/encrypted-payment-card-numbers/qaa-p/825394#M7441 Former Member 2005-06-30T10:47:59Z https://community.sap.com/t5/questions-about-sap-websites/encrypted-payment-card-numbers/qaa-p/825395#M7442 <HTML><HEAD></HEAD><BODY><P>See OSS note 662340 on installing SAPCryptolib to enable card enryption. Also, see notes 766703 and 633462. Installation of cryptolib and the keys on a distributed landscape can be tricky.</P><P></P><P>Once you activate card enryption, SAP should encrypt/decrypt automatically throughout the system.</P></BODY></HTML> Fri, 14 Oct 2005 19:46:05 GMT https://community.sap.com/t5/questions-about-sap-websites/encrypted-payment-card-numbers/qaa-p/825395#M7442 Former Member 2005-10-14T19:46:05Z