Understanding the Encryption Framework
The Encryption Framework provides pages for identifying sensitive information in applications and an application engine (AE) process that encrypts and masks sensitive data that is stored in the database.
The following table shows how data values stored in the database change after the encryption process is run. In this example, the encryption process encrypts the value of the ACCOUNT_NUM field in the DIR_DEP_DISTRIB source record for Payroll for North America.
After the encryption process is run successfully, the ACCOUNT_NUM field stores the masked account number, and the PY_BANKACCCRYPT field (which was added to the record to store the encrypted value) stores the encrypted account number.
| Encryption Run | Field | Value |
|---|---|---|
| Before | ACCOUNT_NUM (existing field) | 1234567890 |
| Before | PY_BANKACCCRYPT (new field) | [blank] |
| After | ACCOUNT_NUM (existing field) | XXXXXX7890 |
| After | PY_BANKACCCRYPT (new field) | 9WwdDcA3l/uYpYKM+uSmsw== |
Note:
After encryption is run, the encrypted bank account numbers stored in the database can't be viewed on any delivered online page. The masking of account numbers on online pages is controlled by the Direct Deposit options on the Payroll for NA Installation page. Refer to the Direct Deposit Installation Options and Data Masking topic for more information.
To comply with Nacha’s data security requirements, which request that deposit account information be rendered unreadable when it is stored electronically, Global Payroll for United States, Payroll for North America, and Payroll Interface leverage the Encryption Framework to encrypt and mask bank account numbers in the database.
Note:
After encryption is run on a source record, all future additions, updates, and changes are automatically encrypted. For instance, when an employee adds new direct deposit data after the encryption process is run, the account number stored in the database is automatically encrypted and masked. You only need to run the encryption once per source record.
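
A post-run check for the before/after states shown in the table, as an added example that is not part of the product or its documentation: it flags rows whose ACCOUNT_NUM is still readable or whose PY_BANKACCCRYPT value is missing or malformed. The in-memory SQLite table, the ROW_KEY column, the sample rows, and the mask pattern (inferred from the single XXXXXX7890 example) are assumptions.

```python
import base64
import binascii
import re
import sqlite3

# Assumption inferred from the page's one example (1234567890 -> XXXXXX7890):
# a masked value is one or more X characters followed by up to four digits.
MASKED = re.compile(r"X+\d{0,4}")

def classify(account_num, crypt_value):
    """Return the audit status for one row of the source record."""
    account_num = (account_num or "").strip()
    crypt_value = (crypt_value or "").strip()
    if not account_num and not crypt_value:
        return "empty"
    if not MASKED.fullmatch(account_num):
        return "not_masked"            # readable account number still stored
    if not crypt_value:
        return "masked_no_ciphertext"  # masked, but no encrypted copy exists
    try:
        base64.b64decode(crypt_value, validate=True)
    except (binascii.Error, ValueError):
        return "bad_ciphertext"        # not the Base64 form shown in the table
    return "ok"

def audit(conn):
    """Count rows per status and list the keys of rows that need attention."""
    counts, findings = {}, []
    for key, acct, crypt in conn.execute(
            "SELECT ROW_KEY, ACCOUNT_NUM, PY_BANKACCCRYPT "
            "FROM DIR_DEP_DISTRIB ORDER BY ROW_KEY"):
        status = classify(acct, crypt)
        counts[status] = counts.get(status, 0) + 1
        if status not in ("ok", "empty"):
            findings.append((key, status))
    return counts, findings

def sample_db():
    """Constructed sample data; ROW_KEY is a hypothetical key column."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE DIR_DEP_DISTRIB "
                 "(ROW_KEY TEXT, ACCOUNT_NUM TEXT, PY_BANKACCCRYPT TEXT)")
    conn.executemany("INSERT INTO DIR_DEP_DISTRIB VALUES (?, ?, ?)", [
        ("R001", "XXXXXX7890", "9WwdDcA3l/uYpYKM+uSmsw=="),  # page "After" row
        ("R002", "1234567890", ""),                           # page "Before" row
        ("R003", "XXXXXX4321", ""),                           # constructed
        ("R004", "XXXXXX1111", "not base64!"),                # constructed
    ])
    return conn
```

Calling `audit(sample_db())` returns the per-status counts and the list of row keys to investigate; against a real database, point the query at the physical table for the source record.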