Payment Card Security According to PCI- DSS

The Payment Card Industry Data Security Standard (PCI- DSS ) was jointly developed by major credit card companies in order to create a set of common industry security requirements for the protection of cardholder data. Compliance with this standard is relevant for companies processing payment card data. For more information, see http://www.pcisecuritystandards.org.

This section of the security guide for SAP ERP Industry Extension Media , supports you in implementing payment card security aspects and outlines steps that need to be considered to be compliant with the PCI- DSS . Note that the PCI- DSS covers more than the following steps and considerations. Complying with the PCI- DSS lies completely within the customer’s responsibility, and we cannot guarantee the customer’s compliance with the PCI- DSS .

Please note that this guide is application-specific. For general information on ensuring payment card security, see the Payment Card Security Guide at  help.sap.com/erp SAPERP Enhancement Packages Enhancement Package 5 English SAPERP Cross-Application Functions SAPERP Security Guides Payment Card Security or, see Payment Card Security: Security Guide onSAPService Marketplace at  http://service.sap.com/securityguide SAPBusiness Suite Applications Payment Card Security .

For updated general PCI- DSS information, see also SAP Note1609917.

Payment card information is part of IS-M/AM and IS-M/SD. In both applications the payment card information can be used for ordering as well as for billing. Customers can maintain the Credit Card payment method and enter card details for one or more payment cards.

If the Credit Card payment method is selected for an order, payment card information is displayed in the business partner and the IS-M/AM and IS-M/SD orders. The data is masked according to the settings defined in Customizing.