cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Credit card number for tokenization

Go to solution
Former Member

on ‎02-01-2016 8:59 AM

0 Kudos

Hi all, I'm working on Hybris 5.0 with an Oracle DB at the back-end. I'm creating a standalone java program to accomplish the following:

  1. I need to extract the data from the table into a text file as: SELECT * FROM CreditCardPaymentInfo;

  2. The first step is done. Now I want to send this text file to a payment provider who'll tokenize the credit card numbers and send the updated file back to me.

Problem: The exported credit card data shows as encrypted, for example, for a credit card 4111111111111111, it shows 1:6jfe8q85zLRlv9XjoWfBBQ==Kqs60vDdUAnBK/y/dSWUAsYr4oVhJeM1/kbR9sCVv24=

Is there any way using which I can extract the card number in clear text?

Thanks.

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎02-01-2016 11:10 AM
0 Kudos

Really interesting that payment provider is asking decoded plain CC number, this is highly insecure way of transferring the sensitive data. In terms of achieving this, First you need to check which algorithm is used to encode this. if it is one way encryption like md5, then you can't decode back. if it is two way encryption then you must need the keys to decode that. High level logic is same, but low level implementation is based upon encryption method(algorithm).

Show replies
Show replies
Former Member
‎02-01-2016 11:49 AM
0 Kudos

Thanks for your reply Shahnaz

Actually there is one more step but it was irrelevant to the problem statement and hence I skipped it. The file would be PGP encrypted and then sent to the payment provider.

Now, as far as the encryption logic is concerned, this is Hybris OOTB only and has been achieved by using the modifier in core-items.xml as encrypted="true"

Also, one more thing to notice here is that the credit card numbers appear in clear text when exported using impex export from admin console. The encryption is coming into picture only when retrieved using flexi search in admin console

Answers (0)

Ask a Question