10.5 PCard Security

= Card Number Validation =

With the exception of GECF ePcards and Ghost Cards, all Procurement Card numbers are validated using a proprietary formula for the generation of a card number. PECOS P2P valuates the “correctness” of a number according to the respective card type proprietary format, using an algorithm known as the **Luhn algorithm**. This ensures that a PCard Number has been entered correctly.

8

9

= PCI Data Security Standards =

10

11

In an effort to improve security and comply with current PCI (Procurement Card Industry) Data Security Standards for the storage and transmission of cardholder data, a **System Dynamic Option** exists. This option allows organisations to select an option for masking card data in both the administration pages and the transmitted purchase order.

12

13

The following three security options are available:

14

15

== Level 2 PCard Security ==

16

17

* The card number is masked in the //Procurement Card Search// popup window.

18

//**[[image:PECOS Admin.WebHome@Fig 9.6 - Procurement card search page showing masked card number.png||height="90%" width="90%"]]**//

19

* The CVV2 field is masked in the P//rocurement Card admin// page.

20

[[image:PECOS Admin.WebHome@Fig 9.7 - Procurement card page showing masked CVV2 number.png||height="90%" width="90%"]]

21

* The CVV2 field is masked in the //Order Delivery and Invoicing page// when adding/updating personal procurement cards. (Users can be allowed to dynamically enter personal procurement card data through the assignment of a dynamic option.)

22

* The CVV2 field is masked in the //Requisition Delivery and Invoicing page// when adding/updating personal procurement cards. (Users can be allowed to dynamically enter personal procurement card data through the assignment of a dynamic option.)

23

[[image:PECOS Admin.WebHome@Fig 9.8 - Requisition delivery and invoicing page showing masked personal PCard CVV2.png||height="90%" width="90%"]]

24

25

== Level 3 PCard Security ==

26

27

* PO Template: the card number is always masked, even when being transmitted to the supplier.

28

* PO Template: the expiration date is masked.

29

* PO Template: the CVV2 is always masked, even when being transmitted to the supplier.

30

[[image:PECOS Admin.WebHome@Fig 9.9 - Purchase order template showing masked card data.png||height="90%" width="90%"]]

31

32

== Level 4 PCard Security ==

33

34

* The CVV2 field is removed from the procurement card admin page.

35

* The CVV2 field is removed from the order delivery and invoicing page.

36

* The CVV2 field is removed from the requisition delivery and invoicing page.

37

[[image:PECOS Admin.WebHome@Fig 9.10 - Procurement card administration showing removed CVV2 field.png||height="90%" width="90%"]]

Wiki source code of 10.5 PCard Security

Navigation

author	version	line-number	content
		1	{{box cssClass="floatinginfobox"}}
		2	{{toc/}}
		3	{{/box}}
		4
		5	= Card Number Validation =
		6
		7	With the exception of GECF ePcards and Ghost Cards, all Procurement Card numbers are validated using a proprietary formula for the generation of a card number. PECOS P2P valuates the “correctness” of a number according to the respective card type proprietary format, using an algorithm known as the Luhn algorithm. This ensures that a PCard Number has been entered correctly.
		8
		9	= PCI Data Security Standards =
		10
		11	In an effort to improve security and comply with current PCI (Procurement Card Industry) Data Security Standards for the storage and transmission of cardholder data, a System Dynamic Option exists. This option allows organisations to select an option for masking card data in both the administration pages and the transmitted purchase order.
		12
		13	The following three security options are available:
		14
		15	== Level 2 PCard Security ==
		16
		17	* The card number is masked in the //Procurement Card Search// popup window.
		18	//[[image:PECOS Admin.WebHome@Fig 9.6 - Procurement card search page showing masked card number.png\|\|height="90%" width="90%"]]//
		19	* The CVV2 field is masked in the P//rocurement Card admin// page.
		20	[[image:PECOS Admin.WebHome@Fig 9.7 - Procurement card page showing masked CVV2 number.png\|\|height="90%" width="90%"]]
		21	* The CVV2 field is masked in the //Order Delivery and Invoicing page// when adding/updating personal procurement cards. (Users can be allowed to dynamically enter personal procurement card data through the assignment of a dynamic option.)
		22	* The CVV2 field is masked in the //Requisition Delivery and Invoicing page// when adding/updating personal procurement cards. (Users can be allowed to dynamically enter personal procurement card data through the assignment of a dynamic option.)
		23	[[image:PECOS Admin.WebHome@Fig 9.8 - Requisition delivery and invoicing page showing masked personal PCard CVV2.png\|\|height="90%" width="90%"]]
		24
		25	== Level 3 PCard Security ==
		26
		27	* PO Template: the card number is always masked, even when being transmitted to the supplier.
		28	* PO Template: the expiration date is masked.
		29	* PO Template: the CVV2 is always masked, even when being transmitted to the supplier.
		30	[[image:PECOS Admin.WebHome@Fig 9.9 - Purchase order template showing masked card data.png\|\|height="90%" width="90%"]]
		31
		32	== Level 4 PCard Security ==
		33
		34	* The CVV2 field is removed from the procurement card admin page.
		35	* The CVV2 field is removed from the order delivery and invoicing page.
		36	* The CVV2 field is removed from the requisition delivery and invoicing page.
		37	[[image:PECOS Admin.WebHome@Fig 9.10 - Procurement card administration showing removed CVV2 field.png\|\|height="90%" width="90%"]]