Displaying credit card numbers

Credit card number should be displayed only to users who have permissions to see them. Therefore, when you build a custom screen to display credit card number, use the following rules to ensure that this security is maintained:

When you configure the getDecryptedCreditCardNumber() API for your screen through the Applications Manager, you must specify a dynamic input so that the DisplayFlag attribute is passed to the API, based on current user's permissions. Here is an example of how you could specify the Input field:

<GetDecryptedCreditCardNumber
DisplayFlag="xml:CurrentUser:/User/@ShowCreditCardInfo"
EncryptedCCNo="xml:/Order/PaymentMethods/PaymentMethod/@CreditCardNo"/>

And specify the Template field according to the following example:

<GetDecryptedCreditCardNumber DecryptedCCNo=""/>

Displaying multiple credit card numbers

When displaying credit card numbers in a list, you might choose to display the DisplayCreditCardNo attribute, which is returned by the APIs that output CreditCardNo.

To append asterisks to the credit card number returned by the API, use the DisplayCreditCardNo attribute and the showEncryptedCreditCardNo() method.

Displaying a list of decrypted credit card numbers in a list involves calling getDecryptedCreditCardNumber() in a loop for each row. This can be an expensive operation, so you may want to display a list of encrypted credit card numbers (shown as **********1234) by using the DisplayCreditCardNo attribute. All APIs that output CreditCardNo return this attribute. Then link the encrypted credit card numbers to a pop-up window that displays a specified credit card number in a decrypted format.