Technical Name of Business Function |
|
Type of Business Function |
Enterprise Business Function |
Available As Of |
SAP Enhancement Package 5 for SAP ERP 6.0 |
Technical Usage |
Central Application |
Application Component |
POS Interface (SD-POS) |
Directly Dependent Business Function Requiring Activation in Addition |
Not relevant |
You can use this business function to support the PCI data security standard for applications that store or transmit credit card and bank card data.
In ERP for Retail this implies that the IDoc database in the POS inbound interface has to secure credit card data, that is store encrypted data. In particular this applies to the IDoc types WPUTAB and WPUBON which contain this data during transfer.
To achieve PA-DSS (Payment Application Data Security Standard) compliance in an all-SAP Store-to-Enterprise integrated landscape (POS/Transnet or SAP EPOS, SAP PI, POS DM, BW, ERP) the complete scenario is as follows:
Credit card information is captured in a transaction in-store at the Point-of-Sale
The credit card data is transmitted through central middleware (such as SAP PI)
Credit card data as well as transactional data is mapped from POS format into POS Data Management format
The data is stored and processed in POS DM
The user can display encrypted or decrypted credit card data along with the POS transactional data in POS DM as part of the auditing process
Credit card data is uploaded to POS Analytics and ERP for Retail
The data is stored in ERP for further processing, for example in the financial application.
You have installed the following components as of the version mentioned:
Type of Component |
Component |
Is Needed Only for the Following Features |
Software Component |
SAP_APPL |
|
XI Content |
EA-RETAIL 605 |
|
BI Content |
Netweaver 7.02, BI Cont 7.0.5 |
The PCI-DSS / PA-DSS is a multifaceted security standard that includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures. It was developed and released by the Payment Card Industry to help organizations in processing credit card payment transactions while preventing fraud, hacking and other security issues.
For purposes of PA-DSS, a payment application is defined as one that stores, processes, or transmits cardholder data as part of authorization or settlement, where the payment application is sold, distributed, or licensed to third parties.