What SAP Payment interfaces are available and how are they best applied?
In 1997 SAP introduced functionality for acceptance of credit card payments in the Sales & Distribution (SD) and Financial Accounting (FI) modules of the R/3 4.0A release of their flagship ERP product. The screen enhancements for capturing credit card details and the business logic enhancements in the SD & FI modules for Authorizing and Settling the credit card transactions were coupled with a new interface which SAP called the Cross Application Payment Card Interface (CA-PCI). The CA-PCI interface was designed to use TCP/IP Remote Function Call interfaces which passed multiple tables of data. SAP encouraged third-party solution providers to develop middleware solutions which would integrate with the SAP CA-PCI interface on one side and with the Credit Card Processing companies on the other side.
The diagram above, from SAP’s CA-PCI documentation, doesn’t show a middleware between the SAP instance and the Clearinghouse; however several middleware solutions were developed.
Over the years HighRadius introduced a number of enhancements to the SAP CA-PCI interface to help companies keep pace with changes in the Payments Industry which SAP opted to not address themselves including:
- Encryption\Tokenization of card numbers in the SAP database for PCI-DSS compliance
- Support for Level 2 & Level 3 data transmission for Corporate Card payments
- Cloud-based middleware solutions to replace the early On Premise solutions
- Support for additional payment methods such as eCheck, PayPal, Apple Pay, etc.
- Capture and tokenization of card numbers in hosted pages rather than in the SAPGUI
- Capture and tokenization of card numbers in DTMF based solutions
SAP eventually determined that the CA-PCI interface needed to be updated to support the above functionality and additional payment methods. These changes were also intended to make the interface more flexible and easier to configure. But rather than simply update the CA-PCI interface, in 2017 SAP introduced an entirely new, web service based interface named the Digital Payments Add-On (DPA). The DPA was designed by SAP to be more flexible and extendable and to be a unified payments interface which eventually would be rolled out to all SAP solutions.
The above diagram can be found in SAP documentation here.
Since its release in 2017, SAP has made the DPA available in a variety of SAP solutions including:
- S/4HANA On-Premise releases 1709 onwards
- S/4HANA Cloud releases 1705 onwards
- S/4HANA Cloud for Customer Payments (all releases)
- SAP Subscription Billing (all releases)
- SAP Commerce (B2C) 6.5 onwards
- SAP Commerce (B2B) 1905 onwards
- SAP Commerce Cloud 2005 onwards
- SAP Business ByDesign 21.08 onwards
A full list of SAP solutions which support integration with the DPA is maintained by SAP in the SAP Help Portal (Documentation) here.
So which interface should you use and what factors should you consider? Well, that depends on whether the CA-PCI or DPA or both are available based on the release of your SAP solution and also whether your SAP solution is On Premise or Cloud based. Here are some general guidelines:
- Only SAP R/3 4.6c, SAP ECC 5.0 & 6.0, and S/4HANA On Premise can still use the CA-PCI interface
- Hosted versions of S/4HANA can use the CA-PCI interface if ABAP code changes can be made
- All S/4HANA Cloud solutions can only use the DPA interface
- All other SAP Cloud solutions listed above can only use the DPA interface (based on release versions listed)
And what else should you take into consideration?
- SAP does not charge a license fee for the CA-PCI interface
- The CA-PCI interface requires a middleware to transform the calls to web services
- There are third-party solutions offered for the CA-PCI interface and some solutions require additional On Premise servers for the middleware applications
- The CA-PCI interface can be easily modified or enhanced if necessary
- The CA-PCI does not natively prevent entry of raw card data within the SAP screens which must be addressed for PCI-DSS
- The CA-PCI interface will eventually no longer be supported by SAP
- SAP does charge a license fee for the DPA interface
- The DPA interface is web service based and nearly plug-and-play configurable
- SAP controls the DPA interface making it more difficult to modify or enhance if necessary
- There are more third-party solutions offered for the DPA interface
- The DPA interface supports tokenization of the entry of raw card data for PCI-DSS compliance
- The DPA is the long-term interface SAP will support for Digital Payments across their suite of products
SAP has made native improvements in the security and functionality for digital payments with the release of the Digital Payments Add-On. Those improvements do come with additional cost in the form of a required SAP license for the DPA and certain workflow restrictions. Companies running SAP ERP solution On Premise which still have access to the SAP Cross-Application Payment Card Interface may continue to leverage that interface until upgrading to a version which only supports the DPA. HighRadius currently supports the CA-PCI and is certifying a DPA solution, giving you a choice of which SAP interface you’d like to use for credit card acceptance now and in the future.