Encryption of Payment Cards

The following options are used for the encryption of payment cards:

· Encrypted storage of credit card numbers, cardholder names, and card expiration dates

· Masked display of credit card number

· Display of the complete credit card number

· Logging of display of the complete credit card number

The payment card security settings described below control the selection of the security level (with or without encryption and masking), whether the access log is updated when a number is displayed unmasked, whether an additional authorization check is performed for unmasked display, and the number of visible characters when masking is used.

For display of the complete credit card number in the POS Workbench, a display pushbutton is visible in the segment for the credit card data behind the field for the credit card number (if the authorization object B_CCSEC exists in the user master record). You can save each display of a non-masked payment card number in an access log. This way you can trace which user has displayed which payment card and when.

Integration

Migration of Old Data

The migration of existing POS transactions with credit card numbers without security level takes place using transaction /POSDW/PCAM. Note the settings for the changeability of POS transactions if tasks with status Completed exist.

Archiving of Encrypted Credit Card Numbers

Archiving of the encrypted credit card numbers takes place by way of the archiving object CA_PCA_SEC.

Access Logs

You can evaluate the access to payment card data with the program RCCSEC_LOG_SHOW. In order to evaluate the access log, you require authorization for activity 71 in the authorization object B_CCSEC.

You can delete the log records if these are at least one year old. You carry out deletion with program RCCSEC_LOG_DEL. In order to activate the deletion program, you must have authorization for object B_CCSEC with activity 06.

Prerequisites

Making the Settings for Payment Card Security:

Make the general security settings using transaction SM30, maintenance view V_TCCSEC. Note that, on selection of the security level Masked Display, No Encrypted Save, credit card numbers may be lost in the SAP System. This setting should only be selected if the credit card data is not to be processed further.

The security settings are applied to all POS transactions with credit card information that are newly created or changed.

The steps described in the following section are only required if you use the security level Masked Display and Encrypted Save.

Setting Up the Encryption Software:

SAPCRYPTOLIB contains the functions required for encryption. Install SAPCRYPTOLIB. You can make general settings for execution of the encryption software in the Implementation Guide (IMG) for SAP NetWeaver. Choose Application Server -> System Administration -> Maintain the Public Key Information for the System.

If you set up the encryption with transaction SSFA, you must use the application PAYCRD.

For more information, see Note 662340.

If you set up the encryption with transaction SSFVA, you must use the application PAYCRV.

For more information, see Converting to Versioned Encryption.

Setting Up the Encryption for Each Credit Card Institute:

Use transaction SM30, maintenance view V_TB033 to determine for each credit card institute whether credit card numbers are to be encrypted or not. The settings can also be called up by way of the implementation guide (IMG) for cross-application components. Choose Payment Cards -> Basic Settings -> Maintain Payment Card Type.

The complete security settings only come into effect if the encryption indicator is set. Note the following: If the encryption indicator (TB033) for a credit card institute is not set, but the general security level (TCCSEC) is Masked Display and Encrypted Save, then the security level for this credit card institute is lowered to Masked Display, No Encrypted Save.
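The lowering rule above can be checked offline against an export of the two settings. The following is an added example, not SAP code: it resolves the effective security level per credit card institute and lists the institutes for which encrypted save is not in effect. The CSV layout, the column names, the card type keys and the "X"/blank flag encoding are assumptions made for illustration.

```python
import csv
import io

# Security level names as written on this page (general setting in V_TCCSEC).
MASKED_ENCRYPTED = "Masked Display and Encrypted Save"
MASKED_NOT_ENCRYPTED = "Masked Display, No Encrypted Save"

# Constructed sample: hypothetical CSV export of V_TB033 rows. Column names,
# card type keys and the "X"/blank flag encoding are assumptions.
SAMPLE_TB033 = """card_type,encryption_indicator
VISA,X
MC,
AMEX,X
DINR,
"""

def parse_institutes(text):
    """Return {card_type: indicator_set} from the CSV export."""
    rows = csv.DictReader(io.StringIO(text))
    return {r["card_type"].strip(): r["encryption_indicator"].strip().upper() == "X"
            for r in rows}

def effective_level(general_level, indicator_set):
    """Lowering rule: without the indicator, encrypted save does not take effect."""
    if general_level == MASKED_ENCRYPTED and not indicator_set:
        return MASKED_NOT_ENCRYPTED
    return general_level

def audit(general_level, tb033_text):
    """List card types whose effective level is lower than the general level."""
    findings = []
    for card_type, indicator_set in sorted(parse_institutes(tb033_text).items()):
        level = effective_level(general_level, indicator_set)
        if level != general_level:
            findings.append((card_type, level))
    return findings

if __name__ == "__main__":
    for card_type, level in audit(MASKED_ENCRYPTED, SAMPLE_TB033):
        print(f"{card_type}: effective level lowered to '{level}'")
```

Each institute reported here falls under the caution given for Masked Display, No Encrypted Save in the general settings, so the list is worth reviewing before new POS transactions are processed.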

For the display of complete credit card numbers, the authorization object B_CCSEC is required in the user profile.