PECOS Admin » 10. Procurement Cards » 10.5 PCard Security

10.5 PCard Security

Card Number Validation

With the exception of GECF ePcards and Ghost Cards, all Procurement Card numbers are validated using a proprietary formula for the generation of a card number. PECOS P2P valuates the “correctness” of a number according to the respective card type proprietary format, using an algorithm known as the Luhn algorithm. This ensures that a PCard Number has been entered correctly.

PCI Data Security Standards

In an effort to improve security and comply with current PCI (Procurement Card Industry) Data Security Standards for the storage and transmission of cardholder data, a System Dynamic Option exists. This option allows organisations to select an option for masking card data in both the administration pages and the transmitted purchase order.

The following three security options are available:

Level 2 PCard Security

  • The card number is masked in the Procurement Card Search popup window.
    Fig 9.6 - Procurement card search page showing masked card number.png
  • The CVV2 field is masked in the Procurement Card admin page.
    Fig 9.7 - Procurement card page showing masked CVV2 number.png
  • The CVV2 field is masked in the Order Delivery and Invoicing page when adding/updating personal procurement cards. (Users can be allowed to dynamically enter personal procurement card data through the assignment of a dynamic option.)
  • The CVV2 field is masked in the Requisition Delivery and Invoicing page when adding/updating personal procurement cards. (Users can be allowed to dynamically enter personal procurement card data through the assignment of a dynamic option.)
    Fig 9.8 - Requisition delivery and invoicing page showing masked personal PCard CVV2.png

Level 3 PCard Security

  • PO Template: the card number is always masked, even when being transmitted to the supplier.
  • PO Template: the expiration date is masked.
  • PO Template: the CVV2 is always masked, even when being transmitted to the supplier.
    Fig 9.9 - Purchase order template showing masked card data.png

Level 4 PCard Security

  • The CVV2 field is removed from the procurement card admin page.
  • The CVV2 field is removed from the order delivery and invoicing page.
  • The CVV2 field is removed from the requisition delivery and invoicing page.
    Fig 9.10 - Procurement card administration showing removed CVV2 field.png

Navigation


P2P  Overview

P2P  Procurement

P2P  Admin

P2P  Approvals

P2P  Reports

P2P  Mobile

P2P  Documents

Using Online Help


Selective Export


© 2022 Elcom International, Inc. All rights reserved.