
 Retail, PCI Data Security Standard — Credit Card Information

 

Technical Data

Technical Name of Business Function: ISR_APPL_PCI_DSS

Type of Business Function: Enterprise Business Function

Available As Of: SAP Enhancement Package 5 for SAP ERP 6.0

Technical Usage: Central Application

Application Component: POS Interface (SD-POS)

Directly Dependent Business Function Requiring Activation in Addition: Not relevant

You can use this business function to support the PCI data security standard for applications that store or transmit credit card and bank card data.

In ERP for Retail, this means that the IDoc database in the POS inbound interface must secure credit card data, that is, store it in encrypted form. This applies in particular to the IDoc types WPUTAB and WPUBON, which contain this data during transfer.
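As an added example (not SAP code and not part of the original documentation), the following Python check scans exported IDoc segment data for Luhn-valid cleartext card numbers, which is one way to verify that WPUTAB and WPUBON data is in fact stored encrypted. The record layout, IDoc numbers and sample values are constructed for illustration, and how the records are exported from the system is left as an assumption.

```python
import re

# 13 to 19 contiguous digits, the length range of payment card numbers.
# Numbers written with spaces or hyphens are deliberately not covered here.
PAN_CANDIDATE = re.compile(r"(?<!\d)\d{13,19}(?!\d)")


def luhn_valid(digits: str) -> bool:
    """Return True if the digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def mask(digits: str) -> str:
    """Keep only the first six and last four digits so that findings
    never repeat a full card number."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def find_cleartext_pans(records):
    """records: iterable of (idoc_type, idoc_number, segment_data).
    Returns (idoc_type, idoc_number, masked_number) for each suspected
    cleartext card number."""
    findings = []
    for idoc_type, idoc_number, data in records:
        for match in PAN_CANDIDATE.finditer(data):
            digits = match.group()
            # Skip filler such as all zeros, which trivially passes Luhn.
            if len(set(digits)) > 1 and luhn_valid(digits):
                findings.append((idoc_type, idoc_number, mask(digits)))
    return findings


# Constructed sample records (hypothetical layout, not a real IDoc export).
SAMPLE_RECORDS = [
    ("WPUBON", "0000000000000101", "PAYMENT VISA 4111111111111111 AMT 12.50"),
    ("WPUBON", "0000000000000102", "PAYMENT VISA ENC:7Hq2Zp0Lw9XkT4uVb1Yc AMT 8.00"),
    ("WPUTAB", "0000000000000103", "RECEIPT 1234567890123456 FILL 0000000000000000"),
]

if __name__ == "__main__":
    for finding in find_cleartext_pans(SAMPLE_RECORDS):
        print("cleartext card number suspected:", finding)
```

Only the first constructed record is reported; the encrypted value, the receipt number that fails the Luhn check and the zero filler are ignored.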

Integration

To achieve PA-DSS (Payment Application Data Security Standard) compliance in an all-SAP Store-to-Enterprise integrated landscape (POS/Transnet or SAP EPOS, SAP PI, POS DM, BW, ERP), the complete scenario is as follows:

  • Credit card information is captured in a transaction in-store at the Point-of-Sale

  • The credit card data is transmitted through central middleware (such as SAP PI)

  • Credit card data as well as transactional data is mapped from POS format into POS Data Management format

  • The data is stored and processed in POS DM

  • The user can display encrypted or decrypted credit card data along with the POS transactional data in POS DM as part of the auditing process

  • Credit card data is uploaded to POS Analytics and ERP for Retail

The data is stored in ERP for further processing, for example in the financial application.

Prerequisites

You have installed the following components as of the version mentioned:

| Type of Component | Component | Is Needed Only for the Following Features |
|---|---|---|
| Software Component | SAP_APPL | |
| XI Content | EA-RETAIL 605 | |
| BI Content | Netweaver 7.02, BI Cont 7.0.5 | |

Features

PCI Data Security Standard — Credit Card Information

The PCI-DSS / PA-DSS is a multifaceted security standard that includes requirements for security management, policies, procedures, network architecture, software design, and other critical protective measures. It was developed and released by the Payment Card Industry to help organizations process credit card payment transactions while preventing fraud, hacking, and other security issues.

For purposes of PA-DSS, a payment application is defined as one that stores, processes, or transmits cardholder data as part of authorization or settlement, where the payment application is sold, distributed, or licensed to third parties.