Understanding Data Encryption for Global Payroll for United States
This topic provides additional information about the implementation of the bank account number encryption that is specific to Global Payroll for United States.
The content is grouped into these sections:
Video: Image Highlights, PeopleSoft HCM Update Image 39: HCM Encryption Configuration
To comply with Nacha’s data security requirements, Global Payroll for United States uses the Encryption Framework to encrypt and mask bank account numbers stored in the database for payee bank accounts, deduction recipients and source bank accounts.
The pages used in Global Payroll for United States that display bank account numbers include:
(SRC_BANK source record) Source Bank Accounts Page.
(RECIPIENT source record) Define Deduction Recipients Page.
(GP_RCP_PYE_DTL source record) Add Deduction Recipients Page.
You cannot view or edit the bank account number on this page, but when you select a recipient ID, the information for this recipient is copied from the RECIPIENT table to the GP_RCP_PYE_DTL table.
(PYE_BANKACCT source record)
Personal Bank Accounts pages from Employee Self-Service. See Updating Personal Bank Account Information.
Bank Accounts Page from the Banking file in Fluid.
Refer to Encryption Source Records for a list of source records that are delivered for bank account number encryption using the HCM Encryption Framework.
After the encryption process is run for the selected source records, the account numbers are encrypted and masked in the database. The account numbers displayed on the corresponding pages are also masked based on configuration, unless the users are granted the roles that allow them to view the unmasked data. See the Delivered Roles For Viewing Unmasked Data topic for system-delivered roles that grant access to see unmasked data.
Global Payroll for United States delivers user roles that allow the administrator(s) to view unmasked account numbers for deduction recipients, payee bank accounts, and the Source Bank Accounts table, even though the numbers are masked for everyone else. These roles are:
Payee Bank Account Admin
This role allows users to see the unmasked account numbers on the Maintain Bank Accounts Page. Employees who are also administrators with this role can view their own unmasked bank account numbers using Personal Bank Accounts pages from Employee Self-Service and the Bank Accounts page from the Banking tile in Fluid.
Recipient Bank Account Admin
This role allows users to see the unmasked account numbers on the Define Deduction Recipients Page.
Source Bank Account Admin
This role allows users to see the unmasked account numbers on the Source Bank Accounts Page.
The Enable Mask option determines the masking of bank account numbers on the Maintain Bank Accounts page for administrators, as well as Personal Bank Accounts (Classic) and Bank Accounts (Fluid) self-service pages for employees.
This example illustrates the fields and controls on the Security section of the Self Service Banking Options page.
Regardless of this setting, payee account numbers are still masked in the database once the encryption is run.
All account numbers on the wage statements (HTML online pages and PDFs) are also masked when the encryption is run.