To swipe or not to swipe payment card processing in sap
1. Credit Card Processing in SAP
SAP ERP Central Component 6.0 [ECC 6.0]
To Swipe or Not to Swipe: Payment Card Processing in SAP
Mohit Tekriwal
Deloitte Consulting India Pvt Ltd
10/09/2009
2. Introduction
Mohit Tekriwal
SAP Consultant
Mtekriwal@deloitte.com
Desk Tel: +1 615 718 152
Hyderabad, India
Cell: + 44 7837644994
Joined Deloitte in August 2008
Having Overall 6 yrs of experience out of which 5 years in the field of Enterprise Applications
(SAP) Implementation and multiple support projects as SAP FICO consultant
Worked in SAP Full life cycle implementation & Support Projects for clients – Information
Services Provider #1 ; Wal-Mart Stores, Inc., Food and Beverage Manufacturer #4 , Kimberly
Clark UK, Levis Strauss & Co. USA Certified Public Accountant (AICPA)
A qualified Certified Public Accountant (CPA) from American Institute of Certified Public
Accountants (AICPA) USA.
-2-
3. Table of Contents
• Why automate credit card processing?
• A basic understanding of credit card processing
• Terminology
• SAP Capabilities & Limitations
-- SAP Card Payment Chain Gap
-- SAP Payment Card Interface
-- Interface Between SAP and Clearing Houses / processors
• Discuss implementation options and issues
• Highlight some best practices
-3-
4. Why automate credit card processing?
• Free up valuable working capital by reducing Days of Sales
Outstanding (DSO)
• Decreasing exposure to accounts receivable risk by effectively
transferring transactional and credit risk to the issuing bank
• Real-time transaction authorization with an immediate payment
guarantee from the card’s issuing bank
• Substantial labor savings by reduction of Manual effort to collect
default payments
• Allows for payments directly in Financial module with card
• Adds an additional method of payment for customers
-4-
6. Terminology
• Merchant ID – unique id identifying the supplier(you)
• Processor (Clearing House) – provides authorization and settlement
services
• Merchant Bank – supplier’s bank(your bank)
• 3rd Party Provider – provides the interfacing solution to allow SAP to
communicate with the processor
-6-
7. SAP Capabilities & Limitations
•SAP’s products provide basic payment card processing
functionality, but does not provide a direct connection
between various SAP products and the payment card
processing networks.
•SAP Cross Application Payment Card Interface (CA-PCI)
allows for integration with third-party middleware or
home-grown software
•SAP offers native card number encryption – SAP’s
encryption not compliant with all Visa Cardholder
Information Security Program (CISP) rules
-7-
9. SAP Payment Card Interface
SAP Payment Card Interface is an application software that acts as a
bridge between SAP’s R/3 system and an external financial
institution’s software
-9-
11. Implementation Options
• Build a custom program(s) to interface with the
processor(s)
• Purchase a 3rd party solution from vendors
- 11 -
12. Pros/Cons Custom Programs
Pros:
Lower initial external cost
Possibly lower transaction costs
If it already works – don’t fix it?
Cons:
Custom development costs
Possible custom configuration in SAP
Maintenance of custom code
- 12 -
13. Pros/Cons 3rd Party Solution
Pros
No/little custom development costs
Less custom configuration in SAP
Maintenance/support of 3rd party vendor
Quicker to implement?
Can offer additional functionality beyond SAP delivered
Cons
Initial external cost
Possibly higher transaction costs
Maintenance/support of 3rd party vendor
- 13 -
14. Best Practices
Encrypt credit card data via either 3rd party or SAP
Can require OSS notes
Limit access to credit card information via security
Only those who need access
Additional fraud checks
Install and maintain a firewall configuration to protect cardholder data
Do not use vendor-supplied defaults for system passwords and other security parameters
Protect stored cardholder data
Encrypt transmission of cardholder data across open, public networks
Use and regularly update anti-virus software or programs
Restrict access to cardholder data by business need-to-know
Assign a unique ID to each person with computer access
Restrict physical access to cardholder data
Regularly test security systems and processes
Maintain a policy that addresses information security for employees and contractors
- 14 -
15. Summary
• Automated credit card processing can be efficient and
enhance ROI
• In most cases buying a 3rd party solution is going to be the
best option compared to building a series of in-house
custom programs
• Take credit card fraud seriously
- 15 -
16. Future Planned Sessions
• Security & Encryption around Credit Card processing in
SAP – Centralization and Tokenization
• Accounting Entries for Credit Card Processing in SAP and
Clearing Aspects
• Standard Out of the Box SAP Configuration for Credit
Cards with screenshots in detail (SD & FI)
- 16 -