Payment card master data made simple and secure
The creation of payment card master data in SAP has taken a step forward in terms of simplification and security. According to the Payment Card Industry Data Security Standard (PCI DSS), if SAP (or any other organization, for that matter) intends to accept card payments and to store, process and transmit cardholder data, then the organization must host the data securely with a PCI-compliant hosting provider, also known as a PSP. To be compliant with industry standards, SAP released the SAP digital payments add-on to integrate SAP applications for digital payments. This add-on is part of the FSCM functional area, is available as a “Cloud Application” (FIN-FSCM-HCP-DP), and can be subscribed to as a SaaS-based solution.
Only credit cards are supported as of now.
The system landscape for payment scenarios using the SAP digital payments add-on is composed of three elements:
- Consumer application, Customer Master Fiori Application in this case.
- SAP digital payments add-on on SAP Cloud Platform.
- Payment service provider.
End-to-End Credit card master creation
- Launch the ‘Manage Customer master’ Fiori app from the Fiori launchpad.
- In create mode of a person or organization, navigate to the Payment cards facet and click ‘+’ to register a new credit card.
- Enter the Card ID in the popup presented. You may enter a numeric or alphanumeric value, then click the Register button.
- You will be presented with the card registration UI in a new browser window.
All the credit card checks are performed here, at the UI of the PSP. Hence the following credit card check rules are not relevant in the OP1709 release if the SAP digital payments add-on is active:
- American Express Checking Rule BUP_CCARD_CHECK_AMEX
- VISA Checking Rule BUP_CCARD_CHECK_VISA
- MasterCard Checking Rule BUP_CCARD_CHECK_MC
- Diners Club Checking Rule BUP_CCARD_CHECK_DINERS
- Enter the card details (here: the UI of the PSP Paymetric as an example) and click submit.
- You may observe that the credit card number is masked and display-only. All the other data that was submitted on the card registration UI is also display-only. Hence it is evident that no user can modify the data in the SAP system.
The following process flow describes the technical aspects of payment card creation:
The user sends a request to the SAP digital payments add-on, which will in turn fetch the card registration URL (from the PSP). The user then enters the card information and submits it. The PSP stores the data and returns the token. This token is then processed further by the SAP digital payments add-on, and the information is finally pulled from the calling application, the Customer Master Fiori app in this case.
End-to-End Credit card master deletion
Now imagine that the use of the credit card data is complete: all transactions with respect to the card in question are completed. It is then possible to delete the card information from the SAP system. The deletion process consists of 3 steps:
- Request the deletion at PSP
- De-linking the card from Business partner (customer).
- Deletion of card from card master
The following process flow describes the technical aspects of payment card deletion:
The user clicks delete in the Customer Master Fiori app. This deletion request is then sent to the SAP digital payments add-on, where it is checked whether the card to be deleted has any open transactions. If not, the card details are deleted from the SAP digital payments add-on and from the PSP, and then the tokens are deleted from the SAP system.
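The creation and deletion flows described above, modelled as an added example (not SAP's code or API): it shows that the card number is held only by the PSP while the add-on and the consumer application keep a token and a masked number. The class names, the `open_tx` set, the masking format and the `psp.example` URL are assumptions made for illustration.

```python
import secrets

class PSP:
    """Payment service provider: the only party that holds the card number."""
    def __init__(self):
        self.vault, self.pending = {}, set()      # token -> card number; open URLs
    def registration_url(self):
        url = "https://psp.example/register/" + secrets.token_urlsafe(8)
        self.pending.add(url)
        return url
    def submit(self, url, pan):                   # the card registration UI
        self.pending.remove(url)                  # each URL is used once
        token = secrets.token_hex(8)
        self.vault[token] = pan
        return {"token": token, "masked": "*" * (len(pan) - 4) + pan[-4:]}
    def delete(self, token):
        del self.vault[token]

class AddOn:
    """Hypothetical stand-in for the add-on: brokers tokens, never card numbers."""
    def __init__(self, psp):
        self.psp, self.results, self.open_tx = psp, {}, set()
    def start_registration(self, card_id):
        self.results[card_id] = None              # pending until the PSP answers
        return self.psp.registration_url()
    def receive_token(self, card_id, result):
        self.results[card_id] = result
    def delete(self, card_id):
        if self.results[card_id]["token"] in self.open_tx:
            raise RuntimeError("card has open transactions")
        self.psp.delete(self.results.pop(card_id)["token"])

class ConsumerApp:
    """Hypothetical stand-in for the customer master app: token and masked number only."""
    def __init__(self, addon):
        self.addon, self.card_master, self.bp_cards = addon, {}, {}
    def pull_card(self, bp, card_id):
        self.card_master[card_id] = dict(self.addon.results[card_id])
        self.bp_cards.setdefault(bp, []).append(card_id)
    def delete_card(self, bp, card_id):
        self.addon.delete(card_id)                # 1. deletion at PSP, after the check
        self.bp_cards[bp].remove(card_id)         # 2. de-link from business partner
        del self.card_master[card_id]             # 3. delete from card master

def register(app, bp, card_id, pan):
    """The user's browser: the card number goes to the PSP and nowhere else."""
    url = app.addon.start_registration(card_id)
    app.addon.receive_token(card_id, app.addon.psp.submit(url, pan))
    app.pull_card(bp, card_id)
```

Because the open-transaction check runs before anything is removed, a refused deletion leaves the PSP vault, the add-on and the card master unchanged.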
- Credit card data is much more secure than ever
- Digital Payments is natively integrated for Cloud Applications
- No expensive PSP integration projects are required
- Cloud and On-Premise applications can access same Digital Payment Application
- No need for PCI certifications anymore
For more information about the integration, administration and security of the SAP digital payments add-on, please visit https://help.sap.com/viewer/p/DIGITALPAYMENTS.