SAP POS can safeguard information such as customer names and credit card numbers through processes which encrypt or mask sensitive data as it is transmitted from the POS to the Xpress Server or beyond, or stored in the TLogs, journals or databases. You can define specific parameters to control some aspects of these processes such as which encryption key to activate when several keys have been defined, or which portion of data in a string of data to mask.

Through its security module, SAP POS supports the use of multiple encryption keys. This module maintains a library of secret keys and allows the active secret encryption key to be changed at any time as the need arises.

To support multiple keys, the key index ID used to encrypt a database record is stored in the record’s header. Access to encrypted data requires it to be decrypted using that encryption key index. New data written to the database is always encrypted with the active encryption key index on the Xpress Server. Existing data uses the encryption index that was retrieved from the database to re-encrypt the data and the encrypt key index value is written to the database along with the data.