Show TOC

 Retail, PCI Data Security Standard — Credit Card Information


Technical Data

Technical Name of Business Function


Type of Business Function

Enterprise Business Function

Available As Of

SAP Enhancement Package 5 for SAP ERP 6.0

Technical Usage

Central Application

Application Component

POS Interface (SD-POS)

Directly Dependent Business Function Requiring Activation in Addition

Not relevant

You can use this business function to support the PCI data security standard for applications that store or transmit credit card and bank card data.

In ERP for Retail this implies that the IDoc database in the POS inbound interface has to secure credit card data, that is store encrypted data. In particular this applies to the IDoc types WPUTAB and WPUBON which contain this data during transfer.


To achieve PA-DSS (Payment Application Data Security Standard) compliance in an all-SAP Store-to-Enterprise integrated landscape (POS/Transnet or SAP EPOS, SAP PI, POS DM, BW, ERP) the complete scenario is as follows:

  • Credit card information is captured in a transaction in-store at the Point-of-Sale

  • The credit card data is transmitted through central middleware (such as SAP PI)

  • Credit card data as well as transactional data is mapped from POS format into POS Data Management format

  • The data is stored and processed in POS DM

  • The user can display encrypted or decrypted credit card data along with the POS transactional data in POS DM as part of the auditing process

  • Credit card data is uploaded to POS Analytics and ERP for Retail

The data is stored in ERP for further processing, for example in the financial application.


You have installed the following components as of the version mentioned:

Type of Component


Is Needed Only for the Following Features

Software Component


XI Content


BI Content

Netweaver 7.02, BI Cont 7.0.5


PCI Data Security Standard — Credit Card Information

The PCI-DSS / PA-DSS is a multifaceted security standard that includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures. It was developed and released by the Payment Card Industry to help organizations in processing credit card payment transactions while preventing fraud, hacking and other security issues.

For purposes of PA-DSS, a payment application is defined as one that stores, processes, or transmits cardholder data as part of authorization or settlement, where the payment application is sold, distributed, or licensed to third parties.