
Deleting old credit card numbers

Former Member
0 Kudos

For obvious security reasons, we would like to simply erase credit card numbers in the SAP and CRM databases after one year, even if the documents that reference them were not archived (Sales Orders for example).

Does SAP have a "standard" solution for that? Will using brute force and simply erasing the contents of the CCNUM fields in various tables work? Has anybody done something like that in their system?

Ron Herrmann

5 REPLIES 5

former_member181962
Active Contributor
0 Kudos

Try deletion from the transaction OV81.

Regards,

Ravi

Former Member
0 Kudos

I don't think there is any such solution. If there are pending transactions associated with a credit card, then you cannot simply wipe them out. If security is the concern, then there are various credit card applications in the market that encrypt the numbers and store them. There are some packages certified by SAP as well. Maybe buying one such solution is more viable than using 'brute' force to wipe them out.

0 Kudos

We encrypt credit card information in both R/3 and CRM.

But our Legal department has a good point that even if the Credit Card number is encrypted, it's still a security risk to keep a huge database of (encrypted) credit card numbers that we really do not need. Basically, probably a year after the sale is done, we really do not need to keep the credit card number on file.

Ron

0 Kudos

Ron,

I am not sure if you have found any standard solution for this problem. We have faced a similar issue in a recent internal audit. What we came up with was a simple solution that may not be the most elegant but works just fine without compromising the integrity of the SAP system. You can replace all the real credit cards with dummy credit card numbers. Depending on the middleware product you are using, a small routine in ABAP needs to be written, which will decrypt the original cards, replace them with dummy cards that pass the Luhn check and re-encrypt them back. This retains the integrity of the SAP system and if you were to display the Sales order, it does not cause dumps. I hope this is helpful and should you need more details, please do not hesitate to reach me anytime at ryann@kaizencg.com.

Ryan
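
The replacement step described in the reply above, as an added example that is not code from the thread (Python rather than ABAP, so the check-digit logic can be run anywhere): it builds a same-length dummy number that passes the Luhn check. The function names and the `000000` prefix are assumptions; decryption and re-encryption stay with whatever middleware holds the keys.

```python
import secrets

def _luhn_sum(digits: str, double_first: bool) -> int:
    """Luhn sum from the right; double_first says whether the rightmost digit is doubled."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if (i % 2 == 0) == double_first:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total

def luhn_valid(number: str) -> bool:
    """True if the full number (check digit included) passes the Luhn check."""
    return number.isdigit() and _luhn_sum(number, double_first=False) % 10 == 0

def luhn_check_digit(body: str) -> str:
    """Check digit for a number given without one; the body's last digit gets doubled."""
    return str((10 - _luhn_sum(body, double_first=True) % 10) % 10)

def dummy_card_number(original: str, prefix: str = "000000") -> str:
    """Random same-length replacement; no digit is derived from the original.
    The default prefix is an assumed placeholder, not a value from the thread."""
    fill_len = len(original) - len(prefix) - 1
    if not original.isdigit() or fill_len < 1:
        raise ValueError("expected digits only, longer than prefix plus check digit")
    while True:
        body = prefix + "".join(secrets.choice("0123456789") for _ in range(fill_len))
        candidate = body + luhn_check_digit(body)
        if candidate != original:  # never hand back the number being retired
            return candidate

if __name__ == "__main__":
    # Constructed sample: a widely published test number, not real cardholder data.
    sample = "4111111111111111"
    replacement = dummy_card_number(sample)
    print(len(replacement), luhn_valid(replacement))
```

Because the replacement is drawn at random rather than computed from the old value, nothing about the retired number can be recovered from it.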

0 Kudos

Ron,

How did you eventually satisfy the requirement?