Changing the Credit Card Encryption Key

To change the encryption key at any time after the initial conversion, you must first re-encrypt all credit card data.

To re-encrypt credit card data:

1. If this is the first re-encryption following the initial conversion and you have not secured the FS_CC_CNVRT component, complete the steps in the “Securing the Credit Card Components” section in this topic.

   See Securing the Credit Card Component.

   Complete the steps for the FS_CC_CNVRT component only. Securing FS_CC_CNVRT secures both the FS_CC_CNVRT component and the FS_CC_CNVRT portal registry.

2. Navigate to Set Up CRM > Utilities > Credit Card Encryption > Change Encryption Key.

3. Click the Generate Random Key button to generate a new random hexadecimal encryption key.

   Clicking this button generates a new, random hexadecimal encryption key. You can modify this key, but you must format it as a 24-byte string in hexadecimal notation. The first two characters must be 0x, and the remainder must be exactly 48 characters and consist of both numeric digits and the lowercase letters a through f.

4. If the values in the Re-encrypt Action column are not Decrypt, then Encrypt, click the Crypt Action button until Decrypt, then Encrypt appears in the column.

5. Click the Run button to start the conversion process.

   The Credit Card Conversion process converts each field in the grid. If the process fails for any reason, you can restart the process; it will resume where it stopped. If you can not restart the process, run it from the beginning. The system will bypass fields that have already been processed.

Use the Credit Card Number Re-Encrypt page (FS_CC_CNVRT) to change the key used to encrypt credit card numbers.

Run the utility to re-encrypt credit card numbers using a new encryption key.

Navigation:

Set Up CRM > Utilities > Credit Card > Change Encryption Key

This example illustrates the fields and controls on the Credit Card Number Re-Encrypt page.