Oracle® Fusion Applications Financials Implementation Guide
11g Release 1 (11.1.1.5.0)
Part Number E20375-01

25 Define Funds Capture and Payments Security

This chapter contains the following:

Funds Capture Process Profile: Explained

Routing Rules: Explained

System Security Options: Critical Choices

FAQs for Define Funds Capture and Payments Security

Funds Capture Process Profile: Explained

A funds capture process profile is a key setup entity that contains all the rules necessary for processing funds capture transactions. It tells Oracle Fusion Payments how to communicate with a specific payment system, and includes the payment system accounts to be used for processing transactions. During processing, the funds capture process profile is derived from transaction routing rules, which are created during the setup of internal payees.

A funds capture process profile contains rules that control each of the following steps of the funds capture process:

Formatting Messages

When the processing type is Bank Account, a Verification region is displayed in the Create Funds Capture Process Profile page. When the processing type is Credit Card, an Authorization region is displayed instead of the Verification region. In either case, you select the format in which your payment system expects to receive the online message. This outbound format instructs Oracle Fusion BI Publisher how the message should look. You also select the format in which you expect to receive an inbound response from the payment system.

The Settlement region of the Create Funds Capture Process Profile page enables you to select a format in which your payment system expects to receive the settlement message. The settlement will be online for a gateway-type payment system and in a batch for a processor-type payment system. Online settlement transactions are typically transmitted in a group, although they are processed as individual transactions. You also select the format in which you expect to receive an inbound response from the payment system.

You can select formats for contacting your payment system to retrieve an acknowledgment, and for receiving the response from the payment system which specifies whether the transaction succeeded or failed. Acknowledgments can be pushed by the payment system to your company, or your company may need to retrieve acknowledgments from the payment system.

In the Notification to Payer region of the Create Funds Capture Process Profile page, you select a notification format and the method of notification delivery to the payer. Payer notification is a message sent to each payer after the settlement or settlement batch is transmitted, notifying them of a funds capture transaction that will charge their credit card or bank account.

Building Settlements into a Settlement Batch

In the Creation Rules tab of the Create Funds Capture Process Profile page, you select settlement grouping attributes. When a specific grouping attribute is enabled, Payments ensures that settlements within one settlement batch all share the same value. Settlements with disparate attribute values trigger the creation of as many settlement batches as there are unique value combinations. For example, if you select Business Unit and Settlement Date as grouping rules, then only settlements with the same business unit and settlement date are grouped in a settlement batch when the funds capture process profile is used.

You can also limit the size of the settlement batch by amount or number of settlements.
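
The grouping and size-limit behavior described above, as an added example that is not Oracle's code. The field names, the sample settlements, and the rule that a limit closes the current batch and starts a new one are assumptions of this sketch.

```javascript
// Build settlement batches. Every batch shares one value per enabled grouping
// attribute; a new batch is started when adding a settlement would exceed a
// size limit (how a limit splits a batch is an assumption of this example).
function buildBatches(settlements, { groupBy, maxCount = Infinity, maxAmount = Infinity }) {
  const current = new Map(); // grouping key -> batch still being filled
  const batches = [];
  for (const s of settlements) {
    const key = JSON.stringify(groupBy.map((attr) => s[attr]));
    let batch = current.get(key);
    const wouldOverflow = batch !== undefined &&
      (batch.ids.length + 1 > maxCount || batch.total + s.amount > maxAmount);
    if (batch === undefined || wouldOverflow) {
      batch = { key, ids: [], total: 0 };
      current.set(key, batch);
      batches.push(batch);
    }
    batch.ids.push(s.id);
    batch.total += s.amount;
  }
  return batches;
}

// Constructed settlements; amounts are integer minor units (cents).
const settlements = [
  { id: 'S1', businessUnit: 'US1', settlementDate: '2011-05-02', amount: 4000 },
  { id: 'S2', businessUnit: 'US1', settlementDate: '2011-05-02', amount: 2500 },
  { id: 'S3', businessUnit: 'EU1', settlementDate: '2011-05-02', amount: 1000 },
  { id: 'S4', businessUnit: 'US1', settlementDate: '2011-05-03', amount: 5000 },
  { id: 'S5', businessUnit: 'US1', settlementDate: '2011-05-02', amount: 3000 },
];

// Business Unit and Settlement Date enabled as grouping attributes.
const grouping = ['businessUnit', 'settlementDate'];
const byGroup = buildBatches(settlements, { groupBy: grouping });
const capped = buildBatches(settlements, { groupBy: grouping, maxAmount: 6000 });
```

Without limits the five settlements fall into three batches, one per unique business unit and settlement date combination; the amount limit splits the largest group into two.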

Transmitting Messages to the Payment System

A funds capture process profile is specific to one payment system and its payment system accounts. In the Accounts tab on the Create Funds Capture Process Profile page, you specify payment system accounts to be used with the funds capture process profile. For each payment system account you enable, you select up to three transmission configurations, one each for authorizations or verifications, settlements, and acknowledgments. The payment system account tells Payments how to identify itself to the payment system, and the transmission configurations tell Payments how to transmit the transaction to the payment system.

Routing Rules: Explained

Routing rules route a funds capture transaction to a payment system and payment system account and determine the funds capture payment profile to be used based on attributes of the transaction. Oracle Fusion Payments compares attributes of a transaction, such as payment method, amount, and currency against the conditions in a routing rule. When all of the conditions are met, the specified payment system account and funds capture payment profile are used for the transaction.

You assign routing rules to payees during the setup of internal payees. Each payee can have routing rules that are prioritized. A routing rule with the highest priority is evaluated by Payments first. If the values in the requested funds capture transaction match the conditions in the routing rule, that transaction is routed to the applicable payment system account for processing, and the derived funds capture process profile is used to define how the transaction will be processed. If the attributes in the requested funds capture transaction do not match the conditions in the routing rule, the routing rule is disregarded and Payments evaluates the next routing rule. If all routing rules are evaluated and none apply, Payments looks for a payment system account and funds capture process profile specific to the payment method type entered for the payee in the Default Payment System region of the Set Rules page.

The payment system account and funds capture process profile that are used for an authorization will automatically be used for any further actions on the transaction, including settlement and any follow-on refunds.
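
The evaluation order described in this section, as an added example that is not Oracle's code. The rule fields, account names, and profile names are hypothetical, and treating priority 1 as the highest priority is an assumption.

```javascript
// Constructed rules for one internal payee. Field names are hypothetical;
// priority 1 is treated as the highest priority (an assumption).
const payee = {
  rules: [
    { priority: 2, conditions: { method: 'CREDIT_CARD' },
      account: 'GW-CARD-MAIN', profile: 'Card Online' },
    { priority: 1,
      conditions: { method: 'CREDIT_CARD', currency: 'EUR', maxAmount: 500 },
      account: 'GW-CARD-EU', profile: 'Card EU Small' },
  ],
  // Default Payment System region: one fallback per payment method type.
  defaults: new Map([
    ['BANK_ACCOUNT', { account: 'PROC-ACH', profile: 'ACH Batch' }],
  ]),
};

// A rule applies only when every one of its conditions is met.
function matches(conditions, txn) {
  return Object.entries(conditions).every(([name, want]) =>
    name === 'maxAmount' ? txn.amount <= want : txn[name] === want);
}

// Evaluate rules in priority order; the first full match wins. If no rule
// applies, use the payee default for the transaction's payment method type.
function route(payee, txn) {
  const ordered = [...payee.rules].sort((a, b) => a.priority - b.priority);
  for (const rule of ordered) {
    if (matches(rule.conditions, txn)) {
      return { account: rule.account, profile: rule.profile, via: `rule ${rule.priority}` };
    }
  }
  const fallback = payee.defaults.get(txn.method);
  if (!fallback) throw new Error(`no route for payment method ${txn.method}`);
  return { ...fallback, via: 'default' };
}

// The routing derived at authorization is stored on the transaction and
// reused for settlement and refunds instead of being evaluated again.
function authorize(payee, txn) {
  return { ...txn, routing: route(payee, txn) };
}

function settle(authorizedTxn) {
  return authorizedTxn.routing;
}
```

Because the first match wins, a broad rule ranked above a narrower one shadows it, so review rule order whenever a rule is added.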

System Security Options: Critical Choices

Oracle Fusion Payments system security options enable you to set security options for payment instrument encryption and payment instrument masking. These options are used for both funds capture and disbursement processes.

Implementation of the System Security Options should be part of a complete security policy that is specific to your organization. To secure your sensitive data, you can choose from the following options:

Encrypting Credit Card Data

Credit Card Encryption is an advanced security feature within Payments that enables Oracle applications to encrypt credit card data. Use of the Credit Card Encryption feature assists you with your compliance with the cardholder data protection requirements of the following:

Credit card numbers entered in Oracle Fusion Receivables and Oracle Fusion Collections are encrypted automatically based on the setup for credit card encryption in the System Security Options page. If card numbers are brought into Payments through import or customization, Oracle recommends that you run the Encrypt Credit Card Data program immediately afterward.

Encrypting Bank Account Data

Bank Account Encryption is an advanced security feature within Payments that enables Oracle applications to encrypt supplier and customer bank account numbers.

Important

The Bank Account Encryption feature does not affect internal bank account numbers. Internal bank accounts are set up in Oracle Fusion Cash Management and are used as disbursement bank accounts in Oracle Fusion Payables and as remit-to bank accounts in Receivables.

Supplier, customer, and employee bank account numbers entered in Oracle applications are encrypted automatically based on the setup for bank account encryption in the System Security Options page. If bank account numbers are brought into Payments through import or customization, Oracle recommends that you run the Encrypt Bank Account Data program immediately afterward.

Rotating the System Key

When you enable encryption in Payments, you create one system-level security key, which is a 168-bit 3-DES key. The system key is the encryption master key for the entire installation. It is stored in an Oracle Wallet file and is used to encrypt Payments system subkeys. The Encryption feature enables you to rotate the system key. System key rotation changes the subkey data, but does not result in a re-encryption of the credit card numbers or bank account numbers. To secure your payment instrument data, your security policy should include a regular schedule to rotate the system keys.

The security architecture for credit card data encryption and bank account data encryption is comprised of the following components:

Figure: Security architecture for credit card data encryption and bank account data encryption

For payment instrument encryption, Payments uses a chained key approach. Put simply, in a chained key approach A encrypts B and B encrypts C. In Payments, the system key encrypts the subkeys and the subkeys encrypt the payment instrument data. This approach makes the system key easier to rotate, because rotation changes only the subkey data and does not re-encrypt the payment instrument data. The system key is the encryption master key for the entire installation. It is stored in a wallet file and is used to encrypt Payments subkeys.
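
The chained key approach and the system key rotation described under Rotating the System Key, as an added example that is not Oracle's implementation. It assumes a single subkey, uses AES-256-GCM from Node's built-in crypto module in place of 3-DES, and all function names are hypothetical.

```javascript
const crypto = require('crypto');

// AES-256-GCM is this example's stand-in cipher; the page's system key is 3-DES.
function seal(key, plaintext) {
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const body = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), body]);
}

// Throws if the key is wrong or the blob was modified (GCM tag check).
function unseal(key, blob) {
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  decipher.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([decipher.update(blob.subarray(28)), decipher.final()]);
}

// The store holds only the wrapped subkey and ciphertext, never the system key.
function createStore(systemKey) {
  return { wrappedSubkey: seal(systemKey, crypto.randomBytes(32)), instruments: [] };
}

function addInstrument(store, systemKey, number) {
  const subkey = unseal(systemKey, store.wrappedSubkey);
  store.instruments.push(seal(subkey, Buffer.from(number, 'utf8')));
}

function readInstrument(store, systemKey, index) {
  const subkey = unseal(systemKey, store.wrappedSubkey);
  return unseal(subkey, store.instruments[index]).toString('utf8');
}

// Rotation re-wraps the subkey under the new key; instrument data is untouched.
function rotateSystemKey(store, oldKey, newKey) {
  store.wrappedSubkey = seal(newKey, unseal(oldKey, store.wrappedSubkey));
}

// Constructed run: store a test card number, rotate once, compare results.
function demo() {
  const oldKey = crypto.randomBytes(32), newKey = crypto.randomBytes(32);
  const store = createStore(oldKey);
  addInstrument(store, oldKey, '4111111111111111');
  const before = Buffer.from(store.instruments[0]);
  rotateSystemKey(store, oldKey, newKey);
  let oldKeyRejected = false;
  try { readInstrument(store, oldKey, 0); } catch { oldKeyRejected = true; }
  return { unchanged: before.equals(store.instruments[0]),
    plaintext: readInstrument(store, newKey, 0), oldKeyRejected };
}
```

In this model the subkey value survives rotation, so rotating the system key limits exposure of the wallet key but does not help if a subkey has already been disclosed.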

Before encryption can be enabled for the first time, a wallet file must already exist on the file system of the Enterprise Storage Server (ESS). You must create an empty wallet file called ewallet.p12 and, if you would like to use your own system-level encryption key, a file called key.bits containing your binary (3DES) encryption key. Both files should be placed in the same directory, and the directory must be readable and writable by the WebLogic Server (WLS) container hosting the Payables Java EE application user interface.

When creating a wallet on the Manage System Security page, the full path of ewallet.p12 should be entered in the New Wallet File Location field, and if you are using a user-defined key, the full path of key.bits should be entered in the Key File Location field.

After the wallet has been created on the Manage System Security page, you will also need to copy the wallet files to the same path for the Application Developer Framework (ADF) user interface servers for the Receivables and Payables Java EE applications. Repeat this copy any time the key is updated.

Masking Credit Card and Bank Account Numbers

Payments serves as a payment data repository on top of the Oracle Fusion Trading Community Model. This model holds party information. Payments stores all of the party's payment information and its payment instruments, such as credit cards and bank accounts. This common repository for payment data provides data security by allowing central encryption management and masking control of payment instrument information.

On the System Security Options setup page, credit card numbers and external bank account numbers can be masked by selecting the number of digits to mask and display. For example, a bank account number of XXXX8012 represents a display of the last four digits and a masking of all the rest. These settings specify masking for payment instrument numbers in the user interfaces of multiple applications.

FAQs for Define Funds Capture and Payments Security

What's an online verification?

Before capturing funds from a payer's bank account, you can send an online message to the payment system requesting that it contact the bank and verify that the payer's bank account is valid. Unlike a credit card authorization, this process does not put a hold on any funds in the account.

You enable online verification in a funds capture process profile by selecting an outbound format and an inbound response format for verification.

Note

Online payer verification is an optional feature and is not offered by all payment systems.