Changing Credit Card Encryption

To change the credit card encryption key, use the FS_CC_CNVRT component.

Page Name: Change Encryption Key Page

Definition Name: FS_CC_CNVRT

Usage: Use this utility to change the key used to encrypt credit card numbers. Run the utility to re-encrypt credit card numbers using a new encryption key.

Note: Credit card encryption is needed only for systems using a traditional credit card implementation. It is not needed for systems using a third-party credit card payment processor in a hosted implementation.

PeopleTools Pluggable Cryptography is an advanced security framework that provides a security model for applications to encrypt credit card data. The system encrypts data using 3DES algorithms and 168-bit encryption keys. The system also modifies the display of credit card numbers to show only the last four digits, displaying an X in place of each digit other than the last four. This applies to credit card numbers that are display-only as well as those that are editable.

Use of PeopleTools Pluggable Cryptography supports compliance with the cardholder data protection requirements of the Payment Card Industry (PCI) Data Security Standard and with Visa's Cardholder Information Security Program (CISP). With this feature, credit card numbers for external third-party payers, such as customers or students, are encrypted.

Steps for Changing the Encryption Key

To change the credit card encryption key:

  1. Navigate to the Credit Card Number Re-Encrypt page.

  2. Click the Generate Random Key button to generate a new random hexadecimal encryption key.

    Clicking this button generates a new, random hexadecimal encryption key. You can modify this key; however, you must format it as a 24-byte string in hexadecimal notation. The first two characters must be 0x, and the remainder must be exactly 48 characters consisting of a combination of numeric digits and the lowercase letters a through f.

  3. If the values in the Re-encrypt Action column do not say Decrypt, then Encrypt, click the Crypt Action button until Decrypt, then Encrypt appears in the column.

  4. Click the Run button to start the conversion process.

    The Credit Card Conversion process converts each field in the grid. If the process fails for any reason, the process can be restarted in the standard way and the process picks up where it left off. If the process cannot be restarted, the process can be run from the beginning and it automatically bypasses fields that have already been processed.

See the product documentation for PeopleTools: Security Administration, “Securing Data with Pluggable Cryptography.”
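
The key format from step 2, as an added example (not Oracle or PeopleTools code): a Python sketch that generates a key in that format and checks a hand-edited one before it is pasted into the page. The sub-key comparison assumes the standard 3DES encrypt-decrypt-encrypt construction and goes beyond the format rule stated here; the function names and sample keys are hypothetical.

```python
import re
import secrets

# Format stated on this page: "0x" followed by exactly 48 characters
# drawn from the digits 0-9 and the lowercase letters a-f (24 bytes).
KEY_RE = re.compile(r"0x[0-9a-f]{48}")


def generate_key() -> str:
    """Return 24 bytes from the OS CSPRNG in the 0x-prefixed form."""
    return "0x" + secrets.token_hex(24)


def _strip_parity(subkey: bytes) -> bytes:
    # DES uses only the top 7 bits of each key byte; the low bit is parity,
    # so two sub-keys that differ only in parity bits are the same DES key.
    return bytes(b & 0xFE for b in subkey)


def check_key(key: str) -> list[str]:
    """Return a list of problems; an empty list means the key passed."""
    if not KEY_RE.fullmatch(key):
        return ["format: need 0x plus exactly 48 characters from 0-9 and a-f"]
    raw = bytes.fromhex(key[2:])
    k1, k2, k3 = (_strip_parity(raw[i:i + 8]) for i in (0, 8, 16))
    problems = []
    # Assumption: standard EDE keying, E(K3, D(K2, E(K1, data))).
    if k1 == k2 or k2 == k3:
        problems.append("adjacent sub-keys equal: EDE collapses to single DES")
    elif k1 == k3:
        problems.append("K1 equals K3: two-key 3DES, not 168-bit")
    return problems


if __name__ == "__main__":
    # Constructed sample keys, for illustration only; never use them.
    samples = {
        "uppercase hex": "0x" + "AB" * 24,
        "K1 == K3": "0x0123456789abcdeffedcba98765432100123456789abcdef",
        "fresh random": generate_key(),
    }
    for label, key in samples.items():
        print(f"{label}: {check_key(key) or 'ok'}")
```

A key that passes the format rule can still carry fewer than 168 effective key bits, which is why the sub-keys are compared after masking the parity bits.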

Use the Change Encryption Key page (FS_CC_CNVRT) to change the key used to encrypt credit card numbers.

Run the utility to re-encrypt credit card numbers using a new encryption key.

Navigation:

Set Up Financials/Supply Chain > Common Definitions > Credit Cards > Change Encryption Key > Change Encryption Key

This example illustrates the fields and controls on the Change Encryption Key page. You can find definitions for the fields and controls later on this page.

Change Encryption Key page

Important! The Change Encryption Key page will not be enabled if the Upgrade Credit Card Numbers (FS_CC_CNVRT) process has not been run or is currently running. Once the upgrade process has completed, the Change Encryption Key page will be enabled.

Field or Control

Description

Crypt Action

Click the button to toggle the values in the Re-Encrypt Action column in the grid.

Generate Random Key

Click to have the system generate a random key in the format needed by the encryption algorithms used for credit card encryption and decryption profiles.

If you want to modify the generated key or enter your own, you must format it as a 24-byte hex string. The first two characters must be 0x and the remainder must be exactly 48 characters consisting of a combination of numeric digits and the lowercase letters a through f.

Record (Table) Name

Displays the record name.

Field Name

Displays the field name.

Re-Encrypt Action

Values include:

  • Decrypt, then Encrypt: for data currently encrypted with the Pluggable Cryptography credit card encryption profile.

  • No Action: the conversion process will apply this value after each row is processed. This field value enables the process to be rerun if an error occurs without reprocessing the converted fields.