Purpose: Use this screen to define the number of days to retain credit card data on closed or cancelled orders.
Number field: Enter the number of days to retain credit card data on closed or cancelled orders. Once this number of days has passed since an order was updated, the order is eligible to be updated by the Purge Security Risk Information (SECRISK) periodic function.
The SECRISK function:
• Deactivates the payment method.
• Removes the expiration date. Note: Require an expiration date for all credit card pay types (pay category 2) to make the SECRISK function run most efficiently.
• Sets the Risk purge date on the Order Header to the current date.
- If any subsequent activity reopens the order, the system clears the Risk purge date.
- If you perform a return against an order whose credit card pay type has already been deactivated by the SECRISK function, and add a new pay type to the order, the system clears the Risk purge date.
- If the function finds an order whose payment method was already deactivated, it sets the Risk purge date to 999999.
• Replaces the first 12 digits of the credit card numbers with the characters specified for the credit card number format, typically asterisks (*).
Note: If no format is set up for the pay type, the default masking character is asterisks.
Which tables are affected? The periodic function updates:
• Invoice Payment Method
• Order Payment Method
• CC Deposit History
• Stored Value Card (activated cards only)
• Customer Membership (updates completed or cancelled memberships, including those without an order number)
• On Line Authorization: The system uses the authorization date to determine whether the record has exceeded the . The system deletes any records associated with a closed order whose authorization date exceeds the credit card retention days and that do not have an authorization date defined.
Rules for replacing credit card numbers: The Purge Security Risk Information periodic function performs the updates described above if:
• the order status is closed (X) or cancelled (C), and
• the pay type on the order is a credit card (pay category 2), and
• the Order Payment Method has an expiration date that is not 0, or is for a pay type that is not flagged to require expiration date, and
• the most recent Order Transaction History record with a transaction type of S (shipment or return) for the order is at least as old as the number of days specified in the Credit Card Retention Days (K65) system control value, and
• there are no return authorizations for the order that have not yet been received or credited, and
• there are no pending pick slips for the order whose status is not V Void, or unapproved authorizations for the order, and
• the Risk purge date on the Order Header table does not specify a date, and
• there are no records for the order in the Pick Stored Value Card table or Billing Async data queue, indicating the order did not bill correctly.
• In addition, if the Evaluate Pending Deposits and Refunds for Credit Card Purge (L83) system control value is selected, there can be no:
- pending credit card deposits or rejected deposits for billed credit card orders. These records are identified by the fact that they use pay category 2, are not flagged to suppress deposit (the Suppress Deposit flag in the Invoice Payment Method table is blank or set to N), and have not been deposited (the Deposit Created Date in that table is set to 0 for a pending deposit and to 999999 for a rejected deposit).
The function does not evaluate orders that have been purged.
Leave this field blank if you do not want to replace credit card data.
Stopping and Restarting the SECRISK Periodic Function
• Delete the active procedure.
When the SECRISK periodic function runs, it checks periodically to see if the SECRISK active procedure record still exists. If this active procedure no longer exists. the function creates a record in the Report Generic table, and then ends processing.
Each time you run the SECRISK periodic function, it checks the Report Generic table for a record. If there is a Report Generic record, the SECRISK periodic function uses that record to determine the next order to process, and then deletes the Report Generic record.
You can stop and restart the SECRISK periodic function multiple times, if needed.
For more information: See:
• the Data Security and Encryption Guide for best practices about credit card encryption and data security