Due to continued problems with credit card fraud, the credit card industry has come together to create a new Payment Card Industry (PCI) standard to combat this problem. All companies that process credit card information must adhere to these standards.
Of course, this could quickly become an expensive proposition for smaller organizations. Thus, there are increasing requirements that companies must meet depending upon the size and the number of transactions that are processed each year.
It is clear that as time goes by additional requirements will be made to these standards and companies will have to abide by them or be subject to significant charges for non-compliance.
For this reason, companies are seeking PCI compliant alternatives that have a standard interface to their ERP systems. It is no different in the SAP world.
Encryption vs Tokenization
Part of the requirements for PCI compliance demands that customer payment information be encrypted when presented and stored in a database or during processing. Encryption basically scrambles the information using a key and a mathematical algorithm.
To remove SAP from the audit requirements for payment card processing, it is becoming more common to isolate the customer payment information outside of the SAP system and have the processing software provide encryption and possibly data tokenization.
Essentially this happens by securing the payment information in the processing system and then having the processing system issue a token or index value back to SAP. Thus the token is stored in SAP and not the customer payment information. Of course, this requires that each time a new credit card is entered or changed, SAP must pass that information to the processing system which then returns the token to be stored in SAP.
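The token exchange described above, sketched as an added example (it is not from the original article or from any SAP partner product). `ProcessingSystem`, `ErpCustomerStore` and the `tok_` token format are hypothetical names, and the card numbers are constructed test values.

```python
import secrets

def luhn_ok(pan: str) -> bool:
    """Luhn checksum: reject mistyped card numbers before they reach the vault."""
    digits = [int(c) for c in reversed(pan)]
    total = sum(digits[0::2]) + sum(sum(divmod(2 * d, 10)) for d in digits[1::2])
    return total % 10 == 0

class ProcessingSystem:
    """Stand-in for the external processing system; the only place card numbers live."""
    def __init__(self):
        self._vault = {}   # token -> PAN; a real vault would also encrypt this at rest

    def tokenize(self, pan: str) -> str:
        pan = pan.replace(" ", "")
        if not (pan.isdigit() and 13 <= len(pan) <= 19 and luhn_ok(pan)):
            raise ValueError("not a valid card number")
        token = "tok_" + secrets.token_hex(16)   # random, not derived from the PAN
        self._vault[token] = pan
        return token

    def authorize(self, token: str, amount_cents: int) -> dict:
        pan = self._vault[token]   # detokenization happens only inside this system
        return {"approved": amount_cents > 0, "card": "****" + pan[-4:]}

class ErpCustomerStore:
    """Stand-in for the SAP side: keeps the token, never the card number."""
    def __init__(self, processor: ProcessingSystem):
        self.processor = processor
        self.payment_token = {}   # customer id -> token

    def save_card(self, customer_id: str, pan: str) -> None:
        # Called for every new or changed card: pass it on, keep only the token.
        self.payment_token[customer_id] = self.processor.tokenize(pan)

    def charge(self, customer_id: str, amount_cents: int) -> dict:
        return self.processor.authorize(self.payment_token[customer_id], amount_cents)

def demo():
    processor = ProcessingSystem()
    erp = ErpCustomerStore(processor)
    erp.save_card("CUST-1001", "4111 1111 1111 1111")   # constructed test number
    first = erp.payment_token["CUST-1001"]
    erp.save_card("CUST-1001", "5555 5555 5555 4444")   # card changed -> new token
    return erp, first, erp.charge("CUST-1001", 2500)

if __name__ == "__main__":
    print(demo()[2])
```

Because the token is random rather than derived from the card number, a copy of the ERP-side table alone reveals no payment data.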
Encryption and tokenization tend to be an extra cost that providers of processing systems charge for this service.
On-site Software vs Hosted
There are basically two options available for integrating payment card processing within SAP. The first option is the most common, where the processing software is purchased and installed on-site. The second option is the hosted method, where the processing software is installed off-site and transaction information is sent via VPN or another type of secure connection.
Option #1: On-Site Software
The on-site software option requires that you purchase the software and then implement it into your SAP system. All transactions are performed locally on-site instead of being sent to a hosting company.
Typically this option is less expensive than the hosted option and comes down to the cost of the software plus installation charges and maintenance fees. Over the course of several years this option can lead to significant savings.
Option #2: Hosted
The hosted method moves the processing application to the off-site hosting company, with only the transaction information being passed between the originating company and the processing company. The processing company passes the transaction information on to the Processor company.
The advantages of this option are that no on-site server is required to host the processing application and no transactional information is stored on-site.
However, this comes with a price since hosted solutions usually charge a monthly transaction fee based upon payment card transaction volume. This can range anywhere from $2000/month and up. Moreover, it is not uncommon for companies to require that you sign a contract for a minimum of three years.
Payment Card Processing in SAP
In recent versions of SAP beginning with 4.0, SAP has provided some basic payment card processing functionality. However, because the Payment Card industry varies widely with many card processing entities and requirements, SAP leaves the detailed implementation and functionality to its partners.
Finding Certified SAP Partners
While working on an SAP implementation project, I spent some time researching the availability of certified SAP partners that provide payment card processing. Of course, I first turned to www.sap.com to find this information. However, it was not readily apparent where to find it. Therefore, I began looking directly on the internet for 3rd party vendors that provide these services. It was only later that I discovered this information directly on www.sap.com. Follow these instructions to find this information.
1. Go to www.sap.com
2. Click on “SAP ECOSYSTEM/PARTNERS”
3. Click on “Partner Information Center (PIC) search” (found on lower right corner of the page)
4. Click on the tab “Search for Solutions”
5. Select “CA-PCI 4.0 – Payment Card Interface 4.0” from the “SAP-defined Integration Scenarios:”.
6. Press the “Search” button.
As long as the link to this page doesn’t change, you can simply click here.
Certified SAP Partners for Payment Processing
Obviously, there are many other options that are available to handle payment card processing with SAP including custom built interfaces to existing payment processing applications.
However, with the ever changing PCI standards being mandated upon the industry, it is difficult to be in the business of monitoring these requirements and revising custom applications on a regular basis.
There are currently three SAP certified partners that provide payment card processing solutions. Check the following links to find out more information about these companies and their solutions.
1. Delego 2.0 (On-site Software or Hosted option)
Delego Software, Inc.
2. PayWare ERP 4.3 (On-site Software Option)
Princeton Payment Solutions, LLC
3. XiPayNet 3.0 (Hosted Option)
Any business wanting to protect its customers' payment information will want to understand and comply with the new PCI security requirements. These companies are SAP certified partners that have the technical knowledge and products to help you protect your customer payment information in these days of hacking, fraud and credit hijacking.
Click here to go to the PCI Security Standards Council web site for more information on the new PCI security standards.