Friends, here is my second blog to share my experience about the credit card processing implementation issues.
In a standard order processing the whole pricing takes place in SAP and we don’t need to talk to any 3rd party interface. But while in a credit card processing the amount on the sales order has to be authorized by the payment gateway and thus makes it a little more difficult to handle the resultant issues. I have tried to highlight some of the major issues below.
In our business we don’t enter the value of freight booked till the delivery creation. But the credit card authorization takes place at the time of sales order itself, so it’s important to capture what the freight could be. In order find a solution we had to tweak the authorization function module cccard_authorization to charge a freight of 50 USD till 500 USD of order value and above that 10 %.
So if a sales order is created for x USD (x less than or equal to 500 USD) + 50 USD freight is charged. The authorization value is order value + freight. And incase the sales order value is 600 USD then freight is 10 %, so 600 + 60 USD is the authorization amount.
However there are lots of issues, since there may be two lines items on sales order belonging to two different shipping points. As per standard SAP if we are trying to authorize both the line items(item A – 250 USD and item B 100-USD) at the same time it recommends the authorization value as 350 USD i.e., total of item A and item B. But from business point of view, since we are booking two shipments from two different shipping points we should charge freight individually. So, the authorization amount we are expecting in this case is 250 USD + 50 USD freight for item A and 100 USD + 50 USD freight for item B. However this would not work since there is a conflict with SAP’s value of authorization amount which is 350 USD, where as per business requirement we are searching for an authorization amount of 250 USD and 100 USD. To achieve solution in this case, there are two options either to further tweak the authorization function module or recommend business to create separate sales order whenever there are items with multiple shipping points.
The authorization for a sales order line item is based on the material availability date. So if all the line items of a sales order are available today, then we authorize it completely and charge the freight also accordingly. But, if one/some of the line items or part of a line item quantity requested is available in a future date then we need to do multiple authorizations which result in multiple shipments.
Incase of a sales order having multiple shipments, separate deliveries are going to be created. So, we need to charge the freight also individually for each of those deliveries made. Care should be taken that, the authorization function module calculates freight correctly and does not mix with the previous freights charged.
Another complexity is when a delivery is created with a mix of service items and shippable items; the freight is only applicable to the extent of shippable items.
Re authorization is required for material becoming available for a sales order which was till then available at a future date, as a result of stock transfer between plants. Re authorization is also required to capture sales order items which become available at a future date. The re authorization program can be scheduled with a batch job at a particular time every day.
Back Order scheduling
Based on the priority of sales order we may even allocate stocks to sales orders directly. So when the stock becomes available, the re authorization program need to pick this order and authorize.
Whenever an accounting document is posted for settlement the customer account is cleared and the credit card receivables account is debited. And incase a settlement fails, the credit card receivables account is credited where as the customer account still remains cleared. To run repeat settlement, we have to use FCC2, and give the batch number of the failed settlement. But a batch of settlement may contain more than one accounting document of which some may be successful and others might have failed. So, when receiving the settlement response from 3rd party service its important to update the tables like BSEGC, BSEG, TCCLG at line item level rather than header level of settlement document. This helps in executing FCC2 transaction.
Per standard SAP, we can use multiple cards to authorize a sales order. So if a sales order value is 500 USD, then 200 USD can be authorized by 1st card (since only that much fund is available on it) and the 2nd card can authorize the rest of amount i.e., 300 USD. But the complexity in handling this is what happens if the first card goes through well second card fails. So the authorization is partly successful. However it cannot help fully, if there is only one line item with quantity-1 on the sales order whose value is 500USD.
VKM1 should not be used to release a credit card order from credit hold since the order does not have a valid authorization on it, further processing cannot be done. If at all its required to do so, then VCC1 should be used. VCC1 is specially meant for this purpose. So at the time of implementation proper authorizations need to be setup for the finance team, so that they do not commit a mistake to release a credit card order off credit hold with VKM1/VKM3 and creating problems later on.
Per standard SAP, the credit card details are not copied when we create sales order from quotation. It’s a security provision. But you might need to do so sometimes for client requirement. The option is to tweak the copy control between quotations to order.
PCI DSS Guidelines
Payment card industry data security standards is a body formed by American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc. Inc. International to lay guidelines on how to handle the data security. It’s so important to understand these guidelines, as any breach of security can lead to cancellation of licenses to carry out business through credit card payments. We can learn about PCI DSS guidelines here.