on 08-23-2020 8:37 AM
I checked in few case for sales order transaction VA02/VA03 credit card detail is masked But when i checked in table FPLTC , there are 3 entries corresponding entires maintained for the related Billing plan number / invoicing plan number of the sales order as shown below.
Here one of the entires higlited beblow is not masked in table FPLTC .
I have got the requirement to mask the entries in table FPLTC , that are not msked.
So as a ABAPer here I want to understand the functioanlity , why there is 3 entires maintained and why the last entry is not masked .
Can anyone please help me to understand this case as i could not find more details about this case in SCN and let me know incase for detail required from myside .
Thanks
Prabin
Prabin Pradhan, so this error only happens for returns? In that case I would check the copy control routines, there must be custom coding in place (see point 3.)
1) credit card data is entered manually for returns?
You say that business enters credit card data manually for a sales document? They obviously cant do this via standard "VA02 -> Payment Cards -> Manual Authorisation" functionality, because based on your screenshot CCAUA is empty and not 'X'. So there must be custom coding (either a z-transaction/z-report/modifications/user-exit/badi) that makes this functionality available.
2) What is the business process with credit card payment from sales order to invoice to return?
a) When payment is done via a credit card for a sales order, the sales document needs to have a reference to the credit card transaction (normally achieved through records in FPLA/FPLT/FPLTC). The sales document would have a minimum of two records in FPLTC, one for the card and the other for the transaction.
=> supported by SAP standard, basic customizing and custom authorisation FM will enable these functionalities
b) The invoice will get a copy of the transaction only (therefore just having one record in this example). The settlement amount will be posted to the linked financial accounts and the settlement run will make the final settlement of the authorisation through a payment service provider (that is if a two-step authorisation-settlement process has been implemented).
=> supported by SAP standard, basic customizing and custom settlement FM will enable these functionalities
c) When a return sales document is created (either based on the invoice or the order), and the credit card transaction needs to be fully or partially reversed, the return sales document will also need at least two records, one for the card and one for the transaction. The transaction for the return also needs to be a copy of the original sales document transaction (mainly it has to reference the same transaction) whereas the authorisation amount (return amount) cannot be higher than the settled amount.
=> the automatic creation of credit card transactions in a return order based on an invoice or a sales document are not supported by the SAP standard. Either a custom copy routine has to be implemented, or it has to be entered manually (manual entries are always error-prone).
3) Check for custom code in copying routines
To check whether there is a custom check and copy routine in place, that allows for the copy of credit card data, look at the following customizings and find the routines for your case based on the document flow of your return order (either it is based on invoice or on the sales document. In those routines, based on VBRK-RPLNR or VBAK-RPLNR, there should be custom coding in place, that will copy card and transaction data from the predecessing document to the return order.
SPRO -> Sales and Distribution -> Sales -> Maintain Copy Control for Sales Documents
4) SAP standard copying routines logic regarding payment plans
The standard routines (if not customized/modified), will only address the existence of a payment card plan from the invoice or the sales document and throw out a warning when the copying requirement is performed. The standard routines do not copy any payment card data. SAP did not want to touch this highly company and process dependent subject of payment cards in returns and credit memos, and therefore leaves it up to the company to deal with this matter with custom code or internal process guidelines.
The following coding can be found in any SAP standard copy requirement routines when a payment plan is available in the predecessing document:
" The system will not copy card info from the reference document - Check
IF NOT VBAK-RPLNR IS INITIAL. "CCARD (or VBRK-RPLNR when copying from invoice to return)
MESSAGE W045(V/). "CCARD
ENDIF. "CCARD
You can also check the routines with transaction VOFM:
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
The following information will help you to understand Data in FPLTC as well as how encryption works.
With this information, you should be able to either find an existing standard program or write a custom program to fix the current faulty records.
Credit Card and Transaction Data in table FPLTC
Storing Credit Card Numbers / Alias/Token in SAP system
Credit Card encryption in SAP system
Further information:
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Thank you for all these information.
Please find my reponse below for your question .
Do you actually have real credit card numbers in your SAP system?
Yes , as shown in the screenshot for some record in FPLTC , credit card number(CCNUM) is not coming in encrypted format.that is the reason i am trying to figure out why this is happening for only record of FPLTC table.
I assume, that for the purpose of the screenshot, you actually changed the real value for the credit card number
Yes , you are right . I have changed the actual credit card number . actual amex card number start with “37” or “34”.
Whats your customizing setting in "Cross-Application Components => Payment Cards => Basic Settings => Make Security Settings for Payment Cards"?
Is it "Masked Display, and Encrypted When Saved."?
yes , it is Masked Display, and Encrypted When Saved . screenshot atatched .
Is encryption turned on for certain/all credit card types " ... => Maintain Payment Card Type"? (customizing table CCARDEC_CUST Encryption of Payment Card Type)
yes encryption is tuned on . screenshot attached .
What system and release are you currently on?
ECC system and 740 release .
As understood from your explanation , based on the confiuration under "Cross-Application Components => Payment Cards => Basic Settings => Make Security Settings for Payment Cards" system should automatically mask and encrpte the credit card value . Am i correct ? if yes then why some reord of table FPLTC is not getting masked and encrpted .
If No then what can be the reason , is it becasue of some custom code is running in the backround , that i have to check ?
Please correct me if my understanding is not right .
Also I noticed this issue is exist mostly when we have more than 2 record in table FPLCT for a single FPLNR value as i have mentioned earlier screenshot and especially incase of FPLTR = 900001 / 900002 not incase of 000001 . Not sure why ?
Currently as per the requirement , I have to stop this issue getting repeated in the furture so that new record will always get created with masked and encrypted credit card value in table FPLTC .
for existing credit card values in FPLTC table, which are not masked and encrypted , we are keeping it as it is , may be in furture I have to write a custom program to mask and encrypte those record.
Regards,
Prabin
How do sales orders with credit cards get created in the SAP system, and how do transactions get created?
In our case Credit card details are entered manually by separate team once they get the credit details from Customrer.So we are sure that card details are not stored while creating sales order .
What is the CCARD_GUID
What is the authorisation type
What is the call status (CCALL), what is the reaction (REACT)
please find below screenshot for the above fields value detail
What are the sales document types
Document type is H (Return)
Are there any change documents in CDHDR, CDPOS for when and by who those records where created?
there is no entry for FNAME = CCNUM in CDPOS
I checked the logic in custom FMs for authorisation and settlement in cust. table TCCAA (FNAUT,FNSET) but Looks like there is no logic to change the credit card numner (CCNUM) . Not sure if I have to debug to check if there is any custom code related to CCNUM while saving credit card details in order?
Thank you for the Reports to encrypt all ccnums in FPLTC and BSEGC .
Hi Prabin,
First check how its currently getting masked for other 2 fields.Seems You have UI masking enabled.
There are below SAP ERP add-on solution for UI Masking applicable for GUI, Webdynpro, SAP UI5 ( Gateway )
ECC: UIM
S/4HANA: UISM
Once its installed, then you can configure from SPRO for Table Field, Data Element, Dypro-Fields based upon authorization.
Let me know if you need more detail.
Regards
Samir
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
OSS note 1947100 will answer your query. Also, if you're hoping to connect with readers, please consider adding a picture to your profile. Here's how you do it:
https://www.youtube.com/watch?v=F5JdUbyjfMA&list=PLpQebylHrdh5s3gwy-h6RtymfDpoz3vDS.
By personalizing your profile with a photo of you, you encourage readers to respond.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi ,
There are new data masking solutions in SAP via UI5 . Check if any such thing applied in your landscape and masking performed on selective customers.
Regards,
Sharat
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
108 | |
12 | |
11 | |
6 | |
5 | |
4 | |
3 | |
3 | |
3 | |
3 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.