Using Credit Card Encryption and Data Security
Credit card encryption allows you to encrypt the credit card number in the CWDirect database, providing additional security of credit card data.
To further secure credit card data:
• Follow the steps described under Guidelines for Data Security.
• You can prevent credit card data from being downloaded to CWData by entering Y in the Suppress Customer Credit Card Information in Data Warehouse (I49) system control value.
• The system writes a record to the Credit Card Audit file (MSCCAU) whenever a user with authority to view credit card numbers displays a screen or window that includes the credit card number field, or prints a report that might include any credit card numbers. See Logging Credit Card Data Access for an overview.
• Once you have enabled credit card encryption, you can further secure credit card data by replacing the encrypted credit card number in the CWDirect database with a token provided by the authorization service; see Credit Card Tokenization.
Note: Credit card encryption applies to any data stored in the Credit card number field. This includes credit card numbers, stored value card numbers, electronic gift certificate numbers, Bill Me Later account numbers, and Direct Bank Disbursements.
In this topic:
• Guidelines for Data Security
• Summary of iSeries Password Options
• Recommended Firewall Configuration for E-Commerce
• PA-DSS Security Requirements
• How is Credit Card Data Encrypted?
• Credit Card Encryption/Decryption Process
• When is Credit Card Data Encrypted?
• Credit Card Encryption in CWDirect Files
• When is Credit Card Data Decrypted?
• Transmitting Credit Card Data
• Sending Credit Card Data to an External System
• Receiving Credit Card Data from an External System
• Encrypting the Virtual Card Number File
• Credit Card Data in ECLG and MQJAVALOGS Files
For more information: See:
• Credit Card Encryption Installation and Setup for step-by-step instructions on installing credit card encryption.
• Credit Card Encryption Key Switch for step-by-step instructions on encrypting credit card data using a new credit card encryption key.
• Credit Card Tokenization for instructions on replacing the credit card number in the CWDirect database with a token provided by the authorization service.
Use MICROS’s recommended guidelines below to comply with Payment Card Industry (PCI) data security standards:
Guideline |
Comments |
For more information, see: |
Enable credit card encryption. |
Encryption requires version 9.0 or higher of CWDirect, and version v5r3 or higher of the operating system. |
Credit Card Encryption Installation and Setup: step-by-step instructions on installing credit card encryption. Credit Card Encryption Key Switch: step-by-step instructions on encrypting credit card data using a new credit card encryption key. |
For security reasons, it is recommended that you split the knowledge of the generated encryption key and key encryption key between two separate individuals in your organization. |
||
To adhere to security best practices, it is recommended that you change your encryption key and key encryption key every 6 months. |
||
Replace the encrypted credit card number in the CWDirect database with a token provided by the authorization service. |
Credit card tokenization requires version 14.0 or higher of CWDirect and Litle as your authorization service. |
|
Turn off logging in any CWIntegrate site that passes customer credit card information. |
Examples of CWIntegrate sites that pass credit card information include integrations with authorization services (such as Paymentech and Chase), and any integration that passes order messages (such as the integration with CWStore). Logging is typically helpful during the installation, testing, and certification phase of site implementation, but should be turned off before passing actual customer data. |
Individual site documentation, such as the Paymentech Integration manual or the FDMS Chase Integration manual. |
Define a credit card masking format for all credit card pay types. |
The masking format is user-definable, but a typical format masks all but the last four digits of the credit card, replacing the other digits with asterisks (for example, **** **** **** 4567). |
|
Enter Y in the Prevent Storing the Customer’s Last CC# and Exp Date (J86) system control value to prevent the storing of the customer’s credit card number and expiration date that was most recently used on an order in the Customer Sold To and Customer Ship To Order History files. |
Conversion program: Run the following conversion program to remove the credit card numbers and expiration dates that currently exist in the Customer Sold To and Customer Ship To Order History files: Call CVR0719 parm(‘’ x’999F’), where 999 is the company code. Note: If you do not run this conversion program and you enter Y in the Prevent Storing the Customer’s Last CC# and Exp Date (J86) system control value, the system will retain the credit card numbers and expiration dates that currently exist in the Customer Sold To and Customer Ship To Order History files. However, once you place a new order for a customer, the system will then clear the customer’s credit card number and expiration date from the Customer Sold To and Ship To Order History files. |
|
Use the Credit Card Retention Days (K65) system control value to define the number of days to retain credit card numbers in closed or cancelled orders. |
Run the SECRISK function once to permanently replace credit card numbers up to 12 digits with asterisks (*), remove expiration dates, and deactivate pay types in order-related tables. Then run the process daily to update credit card data based on the Credit Card Retention Days (K65) system control value. See Security Risk Purge. |
|
Use the Restrict Access to Credit Card Numbers in OI and OM (A88) secured feature to restrict credit card access for all but specific users. |
Set this secured feature to *EXCLUDE at the company level, and override the setting to *ALLOW only for users who require access to credit card information. MICROS user ID’s should not have access under this secured feature. |
|
Use the Display Full Credit Card Number (B14) secured feature to restrict display of the credit card number for all but specific users. |
Set this secured feature to *EXCLUDE at the company level, and override the setting to *ALLOW only for users who require access to credit card information on screens and reports. MICROS user ID’s should not have access under this secured feature. |
|
Run the Encrypt Virtual Card File Periodic Function each time you receive new records in the Virtual Card Number file from an external system. |
The system encrypts the virtual card numbers in the Virtual Card Number file when you initially install credit card encryption and when you perform a credit card encryption key switch to encrypt your credit card data using a new credit card encryption key. However, because this file is used to receive virtual card numbers from an external system, you need to run the Encrypt Virtual Card File periodic function after you receive new records in the Virtual Card Number file. |
|
Delete sensitive authentication data |
Card security value: The system automatically removes the card security value (CID, CVV2, CVC2) from an order when the order is accepted, even if an approved online authorization has not been received on the order. Card security processing is not available during batch authorization or deposit processing. If the card security value and card security presence are passed for an e-commerce order, the system clears the values and does not pass them to the order. Bill Me Later: If a Bill Me Later account is approved, the system stores the account number in the encrypted credit card number field. Regardless if a Bill Me Later account is approved or declined, the system removes the customer’s social security number and date of birth. |
|
|
Logging: Turn off logging in any CWIntegrate site that passes customer credit card information; see below. Troubleshooting: When troubleshooting a problem dealing with sensitive data, collect only the minimum data required to solve the problem. If you need to store this information, store it in a secure location with limited access. Once the problem has been resolved, immediately delete the sensitive data. Note: CWDirect does not process PIN numbers. |
|
If you perform online authorizations using a leased line point-to-point integration, turn off logging to the Communication Trace file. |
To turn off the Communication Trace file, enter the following command at a command line: CHGDTAARA ONLINETRC ’0’ You should only log online transactions in the Communication Trace file if there are problems with processing that need to be researched. Once research is complete, turn off the Communication Trace file. Note: Access to the ONLINETRC data area is controlled by security settings on the iSeries. |
|
If you process authorization transactions to a Paymentech test environment using the Paymentech socket programs (AAR0173 and AAR0174), remove any test data stored in the PMTDTAF file once testing is complete. |
The setting of the Production system field for the Paymentech service bureau in Work with Authorization Services (WASV) indicates whether you are sending authorization transactions to a test environment. Once testing is complete, select the Production system field to send transactions to Paymentech’s production environment; in this situation, the system does not create records in the PMTDTAF file. |
|
Purge sensitive customer data after a defined retention period |
Use the Purging Orders menu option to purge old orders. Use the Merge/Purge Sold To Names menu option to merge duplicate sold to customers. Use the Prevent Storing the Customer’s Last CC# and Exp Date (J86) system control value to prevent the storing of the customer’s credit card number and expiration date that was most recently used on an order in the Customer Sold To and Customer Ship To Order History file. |
Purging Orders (MPOR, FORP, VORP, DORP) Working with Merge/Purge Sold-to Names (MMCS)Prevent Storing the Customer’s Last CC# and Exp Date (J86) |
Delete encryption key material that is no longer used |
Once the entire encryption key switch process has been completed, you should securely delete old key switch files so that the files are not recoverable. |
Credit Card Encryption Key Switch in the Data Security and Encryption Reference |
Restrict access to the IFS portion of the iSeries to specific users. These users should not have access to CWDirect. |
Access to the IFS portion of the iSeries is controlled by the WRKLNK command. |
IBM documentation |
Use the Generic Order Interface (Order API) rather than the phone interface to load remote orders. |
If you continue to use the phone interface, set the Clear Phone Interface Files (J14) to Y to clear the files after processing orders. |
|
Configure WebSphereMQ to use SSL when sending credit card data. |
|
IBM documentation |
Use TCP/IP over VPN to send credit card data from CWDirect to an authorization service |
|
|
Use the password settings available on the iSeries to enhance security. To adhere to security best practices, it is recommended that you use the highest security settings available on the iSeries. |
|
|
Disable user accounts that have not been used for over 180 days. Delete user accounts that have not been used for over 270 days (90 days after the user account has been disabled). |
Query the User file to determine the last time a user account was used in CWDirect. To disable a user account, change the user’s authority to *EXCLUDE. |
|
Keep the CWDirect default user account at a low level of privilege (no system security, system administration, or fast path access) since it is used to create user accounts. If you create a user account based on the default user account, you should review the necessary security for that individual user. |
When setting up a user in CWDirect, access should be limited to the functions the user needs to successfully perform his or her job duties. |
|
Restrict MICROS from access to the Work with Users menu option and provide as little overall system authority as necessary to support your environment. If higher security needs to be granted to resolve a problem, reduce the security as soon as the problem has been resolved. |
|
|
Restrict MICROS from update authority to the Work with System Values/Features option. |
MICROS should have *DISPLAY authority to system control values. |
|
Restrict MICROS from access to the IFS portion of the iSeries. |
|
IBM documentation |
Configure communications with MICROS so that communication is initiated by you, rather than MICROS. In addition, prevent MICROS from access to your servers until connection is granted by you over a secure connection. Any passwords required to connect to a server should be different from the passwords used to access CWDirect. |
Reset the password as need for support purposes. |
|
Configure MICROS's user ID and password on the VPN to be different than the password for the CWDirect application. |
Reset the password as need for support purposes. |
|
Configure MICROS’s user ID and password to expire or be disabled daily. |
Reset the password as needed for support purposes. |
|
Use a firewall configuration to secure data on the iSeries. |
|
|
Apply software fixes and updates provided by MICROS. |
|
|
Refer to the PCI Security Standards for all other security guidelines related to networks, wireless devices, etc. |
|
http://usa.visa.com/business/accepting_visa/ops_risk_management/cisp.html |
Summary of iSeries Password Options
You can use password settings such as those described below to help better secure your iSeries. MICROS recommends you use the highest security settings available. Please note that not all of the options listed in the following table are available on every model of the iSeries.
System Value |
Description |
Values |
Recommended Setting |
QMAXSGNACN |
Action to take for failed signon attempts |
1=Disable device, 2=Disable profile, 3=Disable device and profile |
3=Disable device and profile |
QMAXSIGN |
Maximum signon attempts allowed |
1-*NOMAX |
3 attempts |
QPWDEXPITV |
Password expiration interval |
1 day - *NOMAX |
30 days |
QPWDLMTAJC |
Limit adjacent digits in password |
0=Allowed, 1=Not allowed |
1=Not Allowed |
QPWDLMTCHR |
Limit characters in password |
|
Allow user to have any character including special characters in password. |
QPWDLMTREP |
Limit repeating characters in password |
0=Can be repeated, 1=Cannot be repeated, 2=Cannot be repeated consecutively |
1=Cannot be repeated. Option 2 is acceptable also and may be more acceptable to the user community since it allows the use of words as passwords. |
QPWDLVL |
Password level |
0=User profile passwords with a length of 1-10 characters are supported. 1=User profile passwords with a length of 1-10 characters are supported. AS/400 NetServer passwords for Windows 95/98/ME clients will be removed from the system. 3=User profile passwords with a length of 1-128 characters are supported. 4=User profile passwords with a length of 1-128 characters are supported. AS/400 NetServer passwords for Windows 95/98/ME clients will be removed from the system. |
1 is recommended because CWDirect only supports passwords up to length 10. |
QPWDMAXLEN |
Maximum password length |
1-128 |
10 |
QPWDMINLEN |
Minimum password length |
1-128 |
8 |
QPWDPOSDIF |
Limit password character positions |
0=Can be the same, 1=Cannot be the same |
1=Cannot be the same |
QPWDRQDDGT |
Require digit in password |
0=Not Required, 1=Required |
1=Required |
QPWDRQDDIF |
Duplicate password control |
0=Can be the same as old passwords, 1=Cannot be the same as last 32, 2=Cannot be the same as last 24, 3=Cannot be the same as last 18, 4=Cannot be the same as last 12, 5=Cannot be the same as last 10, 6=Cannot be the same as last 8, 7=Cannot be the same as last 6, 8=Cannot be the same as the last 4 |
1=Cannot be the same as last 32 |
Recommended Firewall Configuration for E-Commerce
MICROS recommends the use of firewalls to secure data passed between the iSeries and store servers, and between these servers and the web. The following chart illustrates recommended firewall configuration to support e-commerce integration using CWIntegrate.
Purpose: The table below provides a summary of the PA-DSS requirements and how these requirements are met within CWDirect.
PA-DSS Requirement |
PA-DSS Implementation Comments |
CWDirect Implementation |
1.1.4 Delete sensitive authentication data stored by previous payment application versions. |
Historical data must be removed (magnetic stripe data, card validation codes, PINs, or PIN blocks stored by previous versions of the payment application). How to remove historical data. Such removal is absolutely necessary for PCI DSS compliance. |
CWDirect does not store any authentication data in the database. The system stores the credit card number and expiration date as encrypted data and if you use tokenization, the encrypted credit card number is replaced with a token from the authorization service. Card security value: The system automatically removes the card security value (CID, CVV2, CVC2) from an order when the order is accepted, even if an approved online authorization has not been received on the order. Card security processing is not available during batch authorization or deposit processing. If the card security value and card security presence are passed for an e-commerce order, the system clears the values and does not pass them to the order. |
1.1.5 Delete any sensitive authentication data (pre-authorization) gathered as a result of troubleshooting the payment application. |
Sensitive authentication data (pre-authorization) must only be collected when needed to solve a specific problem. Such data must be stored only in specific, known locations with limited access. Only collect a limited amount of such data as needed to solve a specific problem. Sensitive authentication data must be encrypted while stored. Such data must be securely deleted immediately after use. |
|
|
|
Bill Me Later: If a Bill Me Later account is approved, the system stores the account number in the encrypted credit card number field. Regardless if a Bill Me Later account is approved or declined, the system removes the customer’s social security number and date of birth. Logging: Turn off logging in any CWIntegrate site that passes customer credit card information. |
|
|
Troubleshooting: When troubleshooting a problem dealing with sensitive data, collect only the minimum data required to solve the problem. If you need to store this information, store it in a secure location with limited access. Once the problem has been resolved, immediately delete the sensitive data. CWDirect does not process PIN numbers. |
2.1 Purge cardholder data after customer-defined retention period. |
Cardholder data must be purged after it exceeds the customer-defined retention period. All locations where payment application stores cardholder data. |
Use the Purging Orders menu option to purge old orders. Use the Merge/Purge Sold To Names menu option to merge duplicate sold to customers. Use the Prevent Storing the Customer’s Last CC# and Exp Date (J86) system control value to prevent the storing of the customer’s credit card number and expiration date that was most recently used on an order in the Customer Sold To Order History file. See Guidelines for Data Security, Purging Orders (MPOR, FORP, VORP, DORP) Working with Merge/Purge Sold-to Names (MMCS)Prevent Storing the Customer’s Last CC# and Exp Date (J86) |
2.7 Delete cryptographic key material or cryptograms stored by previous payment application versions. |
Cryptographic material must be removed. How to remove cryptographic material. Such removal is absolutely necessary for PCI Compliance. How to re-encrypt historic data with new keys. |
Once the entire encryption key switch process has been completed, you should securely delete old key switch files so that the files are not recoverable. See Guidelines for Data Security and Encryption Key Switch Process in the Data Security and Encryption Reference. |
3.1 Use unique user IDs and secure authentication for administrative access and access to cardholder data. |
Do not use default administrative accounts for payment application logins. Assign secure authentication to default accounts (even if not used), and disable or do not use the accounts. Use secure authentication for the payment application and system whenever possible. How to create secure authentication to access the payment application, per PCI DSS Requirements 8.5.8 through 8.5.15. |
See Guidelines for Data Security and Summary of iSeries Password Options. |
3.2 Use unique user IDs and secure authentication for access to PCs, servers, and databases with payment applications. |
Use unique user names and secure authentication to access any PCs, servers, and databases with payment applications and/or cardholder data, per PCI DSS Requirements 8.5.8 through 8.5.15. |
|
4.2 Implement automated audit trails. |
Set PCI DSS-compliant log settings, per PCI DSS Requirement 10. Logs must be enabled, and disabling the logs will result in non-compliance with PCI DSS. |
See Guidelines for Data Security and Logging Credit Card Data Access. |
6.1 Securely implement wireless technology. |
If wireless is used within payment environment, install a firewall per PCI DSS Requirement 1.3.8. |
See Guidelines for Data Security and Recommended Firewall Configuration for E-Commerce. |
6.2 Secure transmissions of cardholder data over wireless networks. |
If payment application is implemented into a wireless environment, use PCI DSS-compliant wireless settings, per PCI DSS Requirement 4.1.1. |
|
9.1 Store cardholder data only on servers not connected to the Internet. |
Do not store cardholder data on Internet-accessible systems (for example, web server and database server must not be on same server). |
|
10.1 Securely deliver remote payment application updates. |
Receive remote payment application updates via secure modems, per PCI DSS Requirement 12.3. If computer is connected via VPN or other high-speed connection, receive remote payment application updates via a firewall or a personal firewall per PCI DSS Requirement 1 or 1.3.9. |
Use the customer secure web site or a secure FTP site to receive updates. |
11.2 Implement two-factor authentication for remote access to payment application. |
Use two-factor authentication (user ID and password and an additional authentication item such as a token) if the payment application may be accessed remotely. |
Configure communications so that communication is initiated by you. In addition, prevent users from access to your servers until connection is granted by you over a secure connection. Any passwords required to connect to a server should be different from the passwords used to access CWDirect. |
11.3 Securely implement remote access software. |
Implement and use remote access software security features if remote access software is used to remotely access the payment application or payment environment. |
|
12.1 Secure transmissions of cardholder data over public networks. |
Implement and use SSL for secure cardholder data transmission over public networks, in accordance with PCI DSS Requirement 4.1. |
Configure WebSphereMQ to use SSL when sending credit card data. |
12.2 Encrypt cardholder data sent over end-user messaging technologies. |
Implement and use an encryption solution if PANs can be sent with end-user messaging technologies. |
|
13.1 Encrypt non-console administrative access. |
Implement and use SSH, VPN, or SSL/TLS for encryption of any non-console administrative access to payment application or servers in cardholder data environment. |
How is Credit Card Data Encrypted?
Purpose: You must complete the required Credit Card Encryption Installation and Setup to encrypt the credit card number. As part of the installation process, the system installs the following components:
• CWEncryption.jar: The CWEncryption.jar contains the programs used to encrypt and decrypt the credit card number in CWDirect. CWDirect calls these programs whenever the credit card number needs to be encrypted or decrypted.
• Credit card encryption key: The credit card encryption key is a random, 16 byte field used to encrypt credit card data. The credit card encryption key is stored in the CWsystem.jar, located with the MICROS java programs.
• Key encryption key (KEK): The key encryption key is a random, 16 byte field that encrypts the credit card encryption key for additional security. The key encryption key is stored in the CWPAB data area in your program library.
In addition, CWDirect looks at the setting of the Use Credit Card Encryption (I97) system control value and the records in the CC Order Encryption file to determine when to encrypt or decrypt credit card data.
Credit Card Encryption/Decryption Process
CWDirect calls the credit card encryption/decryption program whenever the credit card number needs to be encrypted or decrypted. The credit card encryption/decryption program is a java based program that uses AES-128 encryption.
Credit card encryption illustration:
Is credit card encryption enabled? CWDirect looks at the setting of the Use Credit Card Encryption (I97) system control value to determine if credit card encryption is enabled.
Note: The system automatically updates the setting of this system control value during credit card encryption installation or key switch. You should only update this system control value to Y after you have completed ALL credit card encryption installation and setup.
N or blank: Credit card encryption is not enabled. Credit card numbers in the CWDirect database are not encrypted.
Y: Credit card encryption is fully enabled. All credit card numbers in the CWDirect database are encrypted. If you use Credit Card Tokenization, the encrypted number is a token instead of the actual credit card number. You should only update this system control value to Y after you have completed ALL credit card encryption installation and setup.
C: The system automatically updates to C when credit card encryption is partially enabled. All credit card numbers in non-order related files are encrypted. However, credit card numbers in order-related files are in the process of being encrypted. When you select to work with a credit card on an order, the system must first determine if the credit card number has already been encrypted. The system compares the selected order number against the CC Order Encryption File to determine if the credit card number on the order is encrypted.
• If the Use order level enc flag for the order is Y, the credit card number on the order has been encrypted.
• If the Use order level enc flag for the order is N, the credit card number on the order has not been encrypted. The system will automatically encrypt the credit card number when you select to work with the credit card on the order.
• If the system cannot find the order number in this file, the system assumes the order is a new order and encrypts the credit card number in the CWDirect database.
S: The system automatically updates to S when credit card encryption has been enabled, indicating a new encryption key has been generated and credit card numbers in order-related files are in the process of being encrypted with the new encryption key. When you select to work with the credit card on an order, the system must first determine if the credit card number has already been encrypted with the new encryption key. The system compares the selected order number against the CC Order Encryption File to determine if the credit card number on the order is encrypted.
• If the Use order level enc flag for the order is Y, the credit card number on the order has been encrypted with the new encryption key.
• If the Use order level enc flag for the order is N, the credit card number on the order has not been encrypted with the new encryption key. The system will automatically encrypt the credit card number using the new encryption key when you select to work with the credit card on the order.
• If the system cannot find the order number in this file, the system assumes the order is a new order and encrypts the credit card number in the CWDirect database with the new encryption key.
Encrypt or decrypt the credit card? Depending on the action you are performing, the system must encrypt or decrypt the credit card number or token.
The credit card encryption program encrypts the credit card number or token when:
• The credit card is updated in a permanent CWDirect file.
• The credit card is received from an external system.
The credit card decryption program decrypts the credit card number or token when:
• The credit card displays on a CWDirect screen or report.
• The credit card is sent to an external system.
To encrypt or decrypt the credit card data, the encryption/decryption program:
• Encrypts or decrypts the first 16 digits of the credit card number or token.
• If the credit card number or token contains more than 16 digits, appends the last 4 digits (positions 17--20) of the credit card number to the 16 digit credit card number to produce the full 20 position credit card number.
For more information: See:
• When is Credit Card Data Encrypted? for more information on when CWDirect encrypts the credit card number.
• When is Credit Card Data Decrypted? for more information on when CWDirect decrypts the credit card number.
• Transmitting Credit Card Data for more information on transmitting credit card data to and from an external system.
• Credit Card Encryption Installation and Setup for step-by-step instructions on enabling credit card encryption.
When is Credit Card Data Encrypted?
Purpose: CWDirect encrypts the credit card number when the Use Credit Card Encryption (I97) system control value is set to Y, C, or S and:
• The credit card is updated in a permanent CWDirect file; see Credit Card Encryption in CWDirect Files.
• The credit card is received from an external system; see Transmitting Credit Card Data.
Tokenization: If you use Credit Card Tokenization, the credit card number contains a token rather than the actual credit card number.
Credit Card Encryption in CWDirect Files
The credit card number is encrypted in all permanent CWDirect files. A permanent file is any file that does not send or receive data from an external system.
CWDirect File |
Encrypted Field |
Customer Sold To BML (OECSBM) |
Account # |
Customer Sold To Ord Hist (CSTOOH) |
Last CC# |
Customer Membership (OECSMP) |
Credit card number |
Customer Ship To Ord Hist (CSHORH) |
Last CC# |
Pay Type Extended (OEPAYE) |
BML default account # |
Billing SVC Data Queue (FLSVDQ) |
Card # |
A/R Payment Detail (ARPAY) |
CBT account # |
Miscellaneous Fraud (MSCFRD) |
Code (for C type records only) |
Order Payment Method (OEPAYM) |
Credit card number |
Order Payment History (OEPAYH) |
OPH note Note: The message CC# change from 4788250000121443 to CC# 4788250000131225 now displays as CC# changed. |
Invoice Payment Method (CSINVP) |
Credit card # |
Authorization Hist Print (AUTHPT) |
Credit card number |
CC Deposit History (CCDPHI) |
Credit card # |
On Line Authorization (CCOLAT) |
Credit card # |
Order Ship To Data Queue (OESTDQ) |
Credit card number |
Store Pickup Payment (MLPSBP) |
Credit card number |
Pick Stored Value Card (FLPSVC) |
PSV Card # |
SVC Remote Fulfill Error (FLSRFE) |
SVC Card # |
RA Exch Payment Method (CSRAPM) |
Credit card number |
Stored Value Card (OESVCD) |
SVC Card # |
A/R Batch Payment Detail (ACARBD) |
Account # |
CC Authorization Trans (CCAT00) |
Credit card # |
CC Deposit Transaction (CCDP00) |
Credit card # |
JC Penney Invoice (FLJCPI) |
Credit card# |
Spiegel Invoice (FLSPIN) |
Credit card# |
Viewing records with encrypted credit card data:
• You cannot use the Display Physical File Member command (DSPPFM) to display the contents of a file that contains records with encrypted credit card numbers.
• You can use the Run Query command (RUNQRY) to run a query over a file that contains records with encrypted credit card numbers; however, the Credit card number field will display encrypted data.
Updating records with encrypted credit card data:
• You cannot use the Update Data command (UPDDTA) to update records that contain encrypted credit card numbers.
• you can enter SQL commands (STRSQL) to update records that contain encrypted credit card numbers.
When is Credit Card Data Decrypted?
CWDirect decrypts the credit card number when the Use Credit Card Encryption (I97) system control value is set to Y, C, or S and:
• The credit card number displays on a CWDirect screen or report. However, some settings control how the credit card number displays on screens and reports; see Credit Card Number Display.
• The credit card number is sent to an external system; see Transmitting Credit Card Data.
Tokenization: If you use Credit Card Tokenization, the credit card number contains a token rather than the actual credit card number.
When credit card encryption is enabled, CWDirect decrypts the credit card number to display on a CWDirect screen and report. However, some settings control how the credit card number displays:
The Credit Card Number Format defined for a pay category 2 pay type determines which digits of a credit card number are masked on CWDirect screens and reports using a special character, such as an asterisk (*). For example, you may wish to mask all but the last 4 digits of a 16-digit credit card number: ************1443.
The Display Full Credit Card Number (B14) secured feature controls whether a CWDirect user can view the full credit card number on CWDirect screens and reports.
• If you allow access to this feature, you can view the full credit card number on CWDirect screens and reports, regardless if a credit card number format has been defined at the Credit Card Number Layout Screen. If you use Credit Card Tokenization, the number that displays is a token, rather than the actual credit card number.
• If you prohibit access to this feature, the credit card number displays in the credit card number format specified at the Credit Card Number Layout Screen for the specified pay type. If a credit card number format is not defined for the pay type, the number displays in the default credit card number format. However, if a credit card number format has not been defined for the pay type and a default credit card number format is not defined, the full credit card number will display on CWDirect screens and reports.
The Restrict Access to Credit Card Numbers in OI and OM (A88) secured feature controls whether an operator has access to the credit card number and credit card expiration date in order maintenance and inquiry.
• If you allow access to this feature, the operator has access to the number. However, if you do not have authority to the Display Full Credit Card Number (B14) secured feature, the credit card number displays in the format specified at the Credit Card Number Layout Screen for the associated pay type. For example, ************1443 may display instead of the entire credit card number.
• If you prohibit access to this feature, the operator cannot view the number. Also, the operator cannot change a credit card payment method on an order. If the credit card information requires a change and the operator does not have authority to view the credit card number, the operator must delete the payment method and reenter a new credit card payment method.
Credit card number scan screens: You can scan on credit card number at the following CWDirect screens:
• Order Maintenance Selection Screen
• Select Orders For Return Authorization Screen
However, if you have defined a credit card number format, the credit card numbers that display on the bottom half of the scan screen will be masked by the associated credit card number format.
In addition, if you have credit card encryption enabled, the system will not find a credit card number match unless you enter the full credit card number in the scan field. The credit card number you entered in the scan field is display-only at the top of the screen and the credit cards that display at the bottom of the screen are masked by the associated credit card number format.
If you use Credit Card Tokenization, you will not be able to scan on the credit card number on these CWDirect screens since the credit card number has been replaced with a token.
When credit card data is sent to an external system, CWDirect retrieves the encrypted credit card number from the CWDirect database and decrypts the number before sending it to the external system. The credit card number sent to an external system must be decrypted so that the external system can read the credit card number.
Credit card data received from an external system will not be encrypted because the external system will not know how to encrypt the credit card number. When the credit card data is received, CWDirect processes the information and encrypts the credit card number to store in the CWDirect database.
Note: To ensure security of the credit card data during data transmission to and from CWDirect, you should configure a secure socket over your MQ queues.
Tokenization: If you use Credit Card Tokenization, the credit card number contains a token rather than the actual credit card number.
Sending Credit Card Data to an External System
CWDirect sends an unencrypted credit card number at the following integration points.
Outbound Integration |
Message or File |
Unencrypted Field |
Sending authorization requests to a service bureau, including stored value card activations, balance inquiries, and authorization reversals. See: • Processing Authorizations and Deposits using CWIntegrate Tokenization: If you use Credit Card Tokenization and the Require Credit Card Token (L40) system control value is set to N, the ccAccountNumber in the CWAuthorizationRequest may contain a token or an actual credit card number. The Tokenized tag in the message indicates whether the authorization service should replace the credit card number with a token. |
ccAccountNumber |
|
CC Auth Trans Data file |
Credit card number |
|
CC Trans Data - Amex file |
Credit card number |
|
Sending deposit requests to a service bureau. See: |
ccAccountNumber |
|
Sending deposit requests for foreign currency using the Prestige process. See Multi-Currency, Alternate Currency, and Prestige Process. |
CC Deposit Prestige file |
Credit card number |
Extracting invoice information to the Financial Sales Download file. See Using the Financial Data Interface. |
Credit card number |
|
Downloading sold to customers to CWData. See Working with the Data Warehouse Integration in CWDirect. Note: If the Suppress Customer Credit Card Information in Data Warehouse (I49) system control value is set to Y, the system does not download credit card information to CWData. |
DW Customer Sold To file |
Last credit card |
Generating a CWEmailOut XML message for order, shipment, return, or stored value card notifications. See Outbound Email API. Note: • For order, shipment, and return notices, all but the last four positions of the credit card number are replaced with asterisks (*), regardless of the credit card number formats defined. • For stored value card notices, the stored value card number displays unencrypted and unformatted since the customer needs to read the stored value card number for future purchases. |
opm_credit_card svc_card_nbr |
|
Generating a CWInvoiceOut XML message. See Generic Invoice Download API. |
ipm_credit_card_ nbr |
|
Generating a CWOrderOut XML message. See: |
credit_card_nbr |
|
Generating a StoreFulfillmentRequest XML message. See Merchandise Locator and Store Fulfillment API through .NET. |
Store Fulfillment Request XML Message (StoreFulfillmentRequest) (.NET) |
cc_number |
Receiving Credit Card Data from an External System
CWDirect receives an unencrypted credit card number at the following integration points.
Inbound Integration |
Message or File |
Unencrypted Field |
Receiving orders from an external system. See: |
E-Commerce New Order Message (CWCreateOrder) XML and name/value pair |
cc_number |
E-Commerce Payment Message (CWPayment) XML and name/value pair |
cc_number |
|
cc_number |
||
Credit card number |
||
Phone Order Expanded (PHORDE) file |
Credit card number |
|
NeoData Order Header (IXNDOH) file |
Credit card nbr |
|
Receiving an authorization response from a service bureau during authorization processing, including stored value card activation, balance inquiry, and authorization reversal. See Processing Authorizations and Deposits using CWIntegrate. |
Authorization Response XML Message (CWAuthorizationResponse) |
ccAccountNumber |
Receiving a deposit response from a service bureau during deposit processing. See Processing Authorizations and Deposits using CWIntegrate. |
ccAccountNumber |
|
Receiving virtual stored value card numbers from your service bureau to assign to a virtual stored value card during activation. Note: Once you receive virtual card numbers from your service bureau, you can run the Encrypt Virtual Card File Periodic Function (program name CCR0046) to encrypt unencrypted virtual card numbers in the file for companies that have enabled credit card encryption. See Encrypting the Virtual Card Number File for more information. |
Card # |
|
Receiving a stored value card remote fulfillment confirmation from a gift card fulfillment system indicating a stored value card item has been activated and fulfilled by the system. See Stored Value Card Remote Fulfillment. |
Stored Value Card Remote Fulfillment Confirmation (CWSVCRemoteIn) |
card_number |
Receiving credit card data from a tape provided by GECC. See Loading the Credit Card Account File (LCCA). |
Credit Card Account file |
Account number |
Receiving electronic gift certificate numbers from the Electronic Gift Certificate FTP file. See Populate Electronic Gift Certificate File Screen (PEGC). |
Electronic Gift Certificate file |
Gift cert number |
Receiving credit card data from Paymentech for level II discounting. See Level II and III Discounting. |
CC Deposit Level II Bin file |
CC bin low range CC bin high range |
Receiving A/R payments from an external system. See High Speed A/R Payment Entry and Batch Processing (WABP) |
account_nbr |
Encrypting the Virtual Card Number File
The system encrypts the virtual card numbers in the Virtual Card Number file when you initially install credit card encryption and when you perform a credit card encryption key switch to encrypt your credit card data using a new credit card encryption key. See Credit Card Encryption Installation and Setup for instructions on enabling credit card encryption and see Credit Card Encryption Key Switch for instructions on encrypting your credit card data using a new credit card encryption key.
However, because the Virtual Card Number file is used to receive virtual card numbers from an external system, new records added to the file are unencrypted. After you have enabled credit card encryption, you can run the Encrypt Virtual Card File periodic function (program name CCR0046) to encrypt unencrypted virtual card numbers in the file for companies that have enabled credit card encryption.
To assign a virtual card number when using encryption: In order to assign a virtual card number to a virtual stored value card when the Use Credit Card Encryption (I97) system control value is set to Y, the records in the Virtual Card Number file must be encrypted (the VCN Encrypted? field for the record must be Y). See Virtual Card Number File (FLSVCA) for more information on how the system uses the Virtual Card Number file during virtual stored value card processing.
Tracking virtual stored value card numbers: When the records in the Virtual Card Number file are encrypted, the Card # field becomes unreadable in the file. Because you can no longer read the Card # field in the file, you will not be able to track which card numbers have been assigned to a virtual stored value card and which card numbers remain in the file.
Encrypt Virtual Card File Periodic Function
Run the Encrypt Virtual Card File periodic function (program name CCR0046) to encrypt unencrypted virtual card numbers in the Virtual Card Number file for companies that have enabled credit card encryption.
Note: For tighter security standards, you should run this periodic function after you have received new virtual card number records from an external system. To ensure that new virtual card number records are encrypted, add this periodic function as part of your daily periodic process.
To set up: Use the Working with Periodic Functions (WPER) menu option to create the Encrypt Virtual Card File periodic function.
Function |
ENCVIRT |
Description |
ENCRYPT VIRTUAL CARD FILE |
Company parameter |
Y Note: In order to run the Encrypt Virtual Card File periodic function without errors, you must enter Y in the Company parameter. However, this periodic function runs for each company whose Use Credit Card Encryption (I97) system control value is set to Y. |
Appl area |
ALL |
Program name |
CCR0046 |
The Encrypt Virtual Card File periodic function:
• Determines which companies have credit card encryption enabled. The system considers a company to have credit card encryption enabled if the Use Credit Card Encryption (I97) system control value is set to Y.
• For each company that has credit card encryption enabled, the system determines if any records for the company exist in the Virtual Card Number file that are not encrypted. The VCN Encrypted? field in the Virtual Card Number file identifies whether the record has been encrypted.
• If the VCN Encrypted? field is set to Y, the Card # field for the virtual card number record is encrypted.
• If the VCN Encrypted? field is set to N or blank, the Card # field for the virtual card number record is not encrypted.
• Encrypts the Card # field for each virtual card number record that is for a company that has credit card encryption enabled and whose VCN Encrypted? field is N or blank.
• Once the virtual card number records are encrypted, the system updates the VCN Encrypted? field for the records to Y.
• Generates the Encrypt Virtual Card File report. This report lists the companies whose records in the Virtual Card Number file were encrypted.
Sample Encrypt Virtual Card File report:
CWDirect Rel 12.0 Encrypt Virtual Card File KBOTTGER CCR0047 4/16/08 12:29:16 Page 1 The virtual card file was encrypted in the following companies: Company Description 554 KAB Co2 |
Encrypt Virtual Card Number File Conversion Program
Run the following conversion program if you have already enabled credit card encryption and you wish to encrypt the existing records in the Virtual Card Number file. This conversion program performs the same steps as outlined for the Encrypt Virtual Card File Periodic Function.
SBMJOB CMD(CALL PGM(CCR0047) PARM(’’)) JOB(VIRTENC)
Credit Card Data in ECLG and MQJAVALOGS Files
The system uses the daily XML log (ECLG) file to track all XML messages generated or received by CWDirect. The file name consists of the ECLG prefix plus the current date in YYMMDD format; for example, the file for February 1, 2008 is ECLG080201.
Logs for processes that use a Java program: Certain integration layer processes use a Java program to generate outbound messages. For example, the PICK_OUT process uses a Java program, reading trigger records and generating outbound XML messages based on the key information indicated by each trigger.
Unlike the other integration layer processes, these processes use both the daily ECLG file and a separate log file, available in the MQJAVALOGS folder:
• the record in the daily ECLG file indicates the particular trigger used to generate the full outbound message. In addition, if the message contains credit card data and you are using credit card encryption, the system includes the key encryption key, in a scrambled format, in order to encrypt and decrypt the credit card data in the message correctly. For example, the ECLG record might consist of the following, based on the Key information, such as company, item, and SKU, for the trigger:
<Message source="CWDIRECT" target="CWINTEGRATE" type="CWMessageBuilder">
<Parameter>INVOIC_OUT IHD "555000086650002767 " A CWIAS400 CWMCOQDTA CWMCOQDTA EMOZART EMOZART LOCAL T0X0YAXAY0D0ZB0K "0000000000386"</Parameter>
</Message>
• the MQJAVALOGS record provides the full contents of the outbound XML message
Masking credit card data in the logs: If credit card encryption is enabled and an XML message contains a credit card number or card security number, CWDirect masks the credit card data in the ECLG and MQJAVALOGS files based on the setting of the Display Partial Credit Card Number in Logs (J16) system control value.
• If the Display Partial Credit Card Number in Logs (J16) system control value is set to Y in any company, the system displays the last four digits of the credit card number in the logs (for example, ************1234). If the credit card number is 4 digits or less, the entire credit card number is masked, such as ******.
• If the Display Partial Credit Card Number in Logs (J16) system control value is set to N or blank in every company, the system replaces the credit card number in the logs with the word REMOVEDBYLOGGER.
Note:
• As long as one CWDirect company has the Use Credit Card Encryption (I97) system control value set to Y, C, or S CWDirect masks the credit card number and card security value for every CWDirect company that is located in the same environment.
• The credit card number and card security value is unencrypted in the actual XML message until the message is transmitted to the external system. To ensure security of the credit card data during data transmission to and from CWDirect, you should configure a secure socket over your MQ queues.
CWDirect uses the XML Removed by Logger file to determine which XML tags are masked in the log files. If an XML tag in a message matches an XML tag in this file, CWDirect masks the value in the tag; otherwise, the log file contains the actual value.
Note: Masking applies only to XML tags, or attributes, in the message. You cannot mask an XML element.
The XML tags delivered in the XML Removed by Logger file are listed below. If you wish to add an XML tag to this file, you must add the XML tag to the file in the correct case.
XML Tag |
Used in XML Message |
XML Log File |
cc_number |
E-Commerce New Order Message (CWCreateOrder) E-Commerce Payment Message (CWPayment) Inbound Order XML Message (CWORDERIN) Store Fulfillment Request XML Message (StoreFulfillmentRequest) (.NET) |
daily ECLG (such as ECLG080421 for the April 21, 2008 log file)
MQJAVALOGS |
cc_sec_value |
E-Commerce New Order Message (CWCreateOrder) E-Commerce Payment Message (CWPayment) Inbound Order XML Message (CWORDERIN) Store Fulfillment Request XML Message (StoreFulfillmentRequest) (.NET) |
daily ECLG (such as ECLG080421 for the April 21, 2008 log file)
MQJAVALOGS |
ccAccountNumber |
Authorization Request XML Message (CWAuthorizationRequest) Authorization Response XML Message (CWAuthorizationResponse) |
daily ECLG (such as ECLG080421 for the April 21, 2008 log file) |
credit_card_nbr |
daily ECLG (such as ECLG080421 for the April 21, 2008 log file) |
|
ipm_credit_card_nbr |
MQJAVALOGS |
|
opm_credit_card |
CWEmailOut |
daily ECLG (such as ECLG080421 for the April 21, 2008 log file) |
CIDNumber |
daily ECLG (such as ECLG080421 for the April 21, 2008 log file) |
|
account_nbr |
daily ECLG (such as ECLG080421 for the April 21, 2008 log file) |
|
card_number |
Stored Value Card Remote Fulfillment Confirmation (CWSVCRemoteIn) |
daily ECLG (such as ECLG080421 for the April 21, 2008 log file) |
See Working with XML Log Files for more information on viewing the XML message logs.
| Data Security | Contents | SCVs | Search | Glossary | Reports | Solutions | XML | Index | Credit Card Tokenization |
SO15_01 CWDirect 18.0.x 2018 OTN