You can encrypt payment card numbers when they are saved to the database. All encrypted numbers are shown in masked format and can be accessed by authorized users only.
You have implemented the SAP Cryptographic Library (SAPCryptolib
) as described in SAP Notes 662340 and 1014619.
The SAP Cryptographic Library is the default security product delivered by SAP for performing encryption functions in SAP systems. For a list of SAP Notes that provide further information on encryption, see SAP Note 1034482.
You have activated encryption in Customizing for Customer Relationship Management
under .
If encryption is active for a payment card type, but no external tool is connected, the payment card number is saved without being encrypted.
Masking of card numbers
The default masking format is 51000*********08
. You can define a different format in Customizing for Customer Relationship Management
under .
Access to masked data
To display the full credit card number in the business partner master data, in a business transaction, or in a billing document, the authorization object B_CCSEC
must be assigned to a user.
Access log
You can log user access to unmasked payment card data in order to track which user displayed which card number at which time. You activate the log in Customizing for Customer Relationship Management
under by selecting Logging of Unmasked Display
.
You use the report RCCSEC_LOG_SHOW
or transaction CCSEC_LOG_SHOW
to display the log. To display the access log, you require authorization for the activity 71 in the authorization object B_CCSEC
.
You can delete log records if they are at least one year old. You do this using report RCCSEC_LOG_DEL
or transaction CCSEC_LOG_DEL
. To use the deletion report, you require authorization for the object B_CCSEC
with
the activity 06.
Retroactive encryption
You can encrypt payment card data in the database using the report PCA_MASS_CRYPTING
or CRM_ORDER_PC_RETROGR_ENCRYPT
.
Note
Retroactively encrypted card numbers are not masked.
Archiving
For more information about archiving, see SAP Library for SAP ERP Central Component in SAP Help Portal at http://help.sap.com/erp. Search for “Archiving of Encrypted Payment Card Data”. Note that the rest of the SAP ERP documentation for payment card security is not relevant for SAP CRM.