Background documentationPeriodic Replacement of Keys

Prerequisites

For you to be able to periodically replace keys for encrypted payment card data, the following requirements must be met:

  • You activated the business function PCA_KEYV (Periodic Key Replacement for Payment Card Encryption).

  • You activated versioned encryption of payment cards in Customizing under Start of the navigation path Cross-Application Components Next navigation step Payment Cards Next navigation step Basic Settings Next navigation step Make Security Settings for Payment Cards End of the navigation path. There you also set the security level Masked Display and Encrypted When Saved and you set the Key Replacement Active indicator.

  • You specified the payment card types that you want to save in encrypted form in Customizing under Start of the navigation path Cross-Application Components Next navigation step Payment Cards Next navigation step Basic Settings Next navigation step Maintain Payment Card Type End of the navigation path.

Features

To further increase the security of encrypted payment card data in your system, you can replace the keys on a periodic basis.

If you activate the business function PCA_KEYV (Periodic Key Replacement for Payment Card Encryption), then the following functions are available to you in addition to those described above:

  • Periodic replacement of the keys used for encrypting payment cards

  • Deletion of keys that are no longer used

The key versions that are generated during the key replacement for payment cards are managed by the SAP system in parallel in the Secure Store and Forward (SSF) application PAYCRV. All programs that support encrypted storage of payment cards, and therefore use versioned encryption, use the SSF application PAYCRV.

Note Note

Activating the key replacement does not have any effect on the data itself. The system can always decrypt credit card data that was already stored in encrypted form.

End of the note.