
Encrypted payment card numbers

Former Member
0 Kudos

Hello. I have a question about implementing database encryption for stored credit card numbers in R3 (Rel. 45B).

We have a consultant coming in the next week to help with the config. If I am understanding the flow, the encryption and decryption can be done via function calls at different times (I am assuming via user exits) in the processing.

My question is this:

If I encrypt the data, where is the encrypted value (which is much longer than the unencrypted credit card number field) to be stored? Is there a separate field used for storing the value? How long is that field?

Any feedback would be appreciated, as I am trying to do a little prep work before the consultant arrives.

Thank you.

Accepted Solutions (0)

Answers (2)

Former Member
0 Kudos

What are the SAP functions that you call to encrypt and decrypt the card numbers?

If the fields you want to encrypt are standard SAP fields through SAP's standard transactions, did you have to modify SAP code or did you use user exits?

Former Member
0 Kudos

See OSS note 662340 on installing SAPCryptolib to enable card encryption. Also, see notes 766703 and 633462. Installation of cryptolib and the keys on a distributed landscape can be tricky.

Once you activate card encryption, SAP should encrypt/decrypt automatically throughout the system.

Former Member
0 Kudos

The answer is that you do not store the ciphertext in the card number field. You create a reference number which is 25 bytes long that substitutes for the card number, and is stored in the card number field. The reference number, in turn, is also stored in a custom table with the ciphertext. The reference number is a unique key to that table.

You then create translation routines to encrypt/decrypt the ciphertext based on the reference number that you stored. These routines would be passed the card number field, which contains the reference number. The input parameter list for these routines is standard. The routines that do the encryption/decryption are configured to be called at the appropriate times.

- Brendan
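
The reference-number scheme described in the last answer, as an added example that is not part of the thread and is written in Python rather than ABAP. The table name `zcard_vault`, the `R` plus 24 hex characters reference format, the routine names and the HMAC-based stand-in cipher are all assumptions; a real system would call its crypto library where `encrypt`/`decrypt` appear.

```python
import hashlib, hmac, secrets, sqlite3

REF_LEN = 25  # reference length stated in the answer; the format below is assumed

def _prf(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # HMAC-SHA256 in counter mode as keystream (stdlib stand-in for the real cipher)
    blocks = (len(data) + 31) // 32
    stream = b"".join(_prf(key, nonce + i.to_bytes(4, "big")) for i in range(blocks))
    return bytes(a ^ b for a, b in zip(data, stream))

def encrypt(key: bytes, pan: str) -> bytes:
    nonce = secrets.token_bytes(16)
    ct = _xor_stream(_prf(key, b"enc"), nonce, pan.encode())
    return nonce + ct + _prf(_prf(key, b"mac"), nonce + ct)  # encrypt-then-MAC

def decrypt(key: bytes, blob: bytes) -> str:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _prf(_prf(key, b"mac"), nonce + ct)):
        raise ValueError("ciphertext failed integrity check")
    return _xor_stream(_prf(key, b"enc"), nonce, ct).decode()

class CardVault:
    """Custom table keyed by reference number; hypothetical names throughout."""
    def __init__(self, key: bytes):
        self.key = key
        self.db = sqlite3.connect(":memory:")
        self.db.execute("CREATE TABLE zcard_vault "
                        "(ref TEXT PRIMARY KEY, ciphertext BLOB NOT NULL)")

    def to_reference(self, pan: str) -> str:
        # Leading letter keeps a reference distinguishable from an all-digit card number
        ref = "R" + secrets.token_hex(12).upper()
        self.db.execute("INSERT INTO zcard_vault VALUES (?, ?)",
                        (ref, encrypt(self.key, pan)))
        return ref

    def to_card_number(self, ref: str) -> str:
        row = self.db.execute("SELECT ciphertext FROM zcard_vault WHERE ref = ?",
                              (ref,)).fetchone()
        if row is None:
            raise KeyError("unknown reference number")
        return decrypt(self.key, row[0])

def demo():
    vault = CardVault(secrets.token_bytes(32))
    ref = vault.to_reference("4111111111111111")  # constructed test number
    stored = vault.db.execute("SELECT length(ciphertext) FROM zcard_vault").fetchone()[0]
    return ref, stored, vault.to_card_number(ref)
```

The card number field only ever holds the 25-character reference, while the 64-byte ciphertext (nonce, encrypted digits and integrity tag) lives in the separate table, which is why the field length does not need to change.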