Announcement:
wanna exchange links? contact me at sapchatroom@gmail.com.
Posted by
Admin at
Reply from Lee Allen on May 24 at 11:19 AM Sunny,
That's a good thing that the customer master is encrypted. However, you must periodically verify that to be the case not only within SAP, but in any other place it may occur. You must thoroughly map where the PCI data resides either at rest, in use, in transit, or in storage and ensure the same level of control. This is an area where "best practice" is the only way to go.
Warm regards,
| | | ---------------Original Message---------------
From: Eric Bushman
Sent: Thursday, May 24, 2012 10:20 AM
Subject: Store Credit Card Information in Customer Master
Sunny,
Thanks for the reply - that helps! So let me address each field you list:
CVV field: Merchants are forbidden to store these values and may be fined or lose their Merchant license if they do store these values. It is strictly forbidden by the PCI-DSS standards as well. This will NOT be a field you will be able to store on the Customer Master record. It is intended that you request it from the customer during each order taking process. If the order is automated it is understood that a Merchant would NOT be passing this value - doing so would indicate that the Merchant is storing the values in violation of the agreement to not do so.
Zipcode: SAP actually maps the zipcode from a partner in the order during the Order entry process. In ERP (SD) the address from the Payer partner is mapped to the Authorization request by SAP (not configurable - hard coded). In CRM the address from the Sold-to Business partner is mapped. You can change this in a userexit, but that is where SAP pulls the address (including zipcode) for the authorization request.
Card Issue date: This one I don't have a good answer for. SAP just didn't design the system with European card types in mind. I've seen companies modify the VCKUN and VCNUM structures to allow them to capture this data on the customer master record, but it is not a standard field in SAP today.
Not the answers you're looking for, but that's how SAP built this functionality.
Regards,
Eric Bushman
www.paymetric.com |
| Reply to this email to post your response. __.____._ |   _.____.__ |
