Hello. I have a question about implementating database encryption for stored credit card numbers in R3 (Rel. 45B).
We have a consultant coming in the next week to help with the config. If I am understanding the flow, the encryption and decryption can be done via function calls at different times (I am assuming via user exits) in the processing.
My question is this:
If I encrypt the data, where is the encrypted value (which is much longer than the unencrypted credit card number field) to be stored? Is there a separate field used for storing the value? How long is that field?
Any feedback would be appreciated, as I am trying to do a little prep work before the consultant arrives.
The answer is that you do not store the ciphertext in the card number field. You create a reference number which is 25 bytes long that substitutes for the card number, and is stored in the card number field. The reference number, in turn, is also stored in a custom table with the ciphertext. The reference number is a unique key to that table.
You then create translation routines to encrypt/decrypt the ciphertext based on the reference number that you stored. These routines would be passed the card number field, which contains the reference number. The input parameter list for these routines are standard. The routines that do the encryption/decryption are configured to be called at the appropriate times.