Business leaders continue the drive toward digitization and automation but must balance it against the security of sensitive data. In automated payment processing (for vendors and employees) and payroll processing (for employees), JDE has delivered new features for securing the sensitive banking details that are key to efficient and timely payments via EFT or ACH. These new security features are partly a response to defined requirements from NACHA (National Automated Clearing House Association) but are relevant to any organization needing additional security for vendor and employee bank accounts.
Prior approaches in JDE for securing banking details involved applying application security for viewing, adding and changing banking details to the specific applications where banking details were stored (i.e. P0030A), or applying column security to the specific data items (i.e. CBNK). A downside of this approach was that secured users/roles could not even confirm whether banking records existed, and so could not be confident that processes requiring that data, such as the payment process, would run correctly.
The new features provide more flexible security options, with the default set to mask the bank account with asterisks (***) for all programs defined in UDC table 00/PI as well as all reports.
Note: The programs defined in this list, and relevant for this security feature, are hard-coded by Oracle. If an additional application must be secured using this feature, custom development is required.
The feature allows clients to configure which programs, roles and users will have this data UNMASKED.
Note: The setting for a USER ID takes precedence over the setting for a ROLE.
When the data is masked, it appears as follows:
Using Data Protection Configuration (P0040), you configure UNMASKING for specific programs, roles or users.
The configuration can be for a program exception only or can be more sophisticated with a program and user/role-based exception.
- A Program exception would unmask the data for all users/roles for the defined program.
- A User and Program exception allows more granularity in the setup. Some users or roles may have access to the data in the program while others do not.
The View/Update setting defines whether the user/role can VIEW only or UPDATE as well.
The example below is for unmasking:
- A Role,
- A Program,
- To View data only
With that rule in place, the users in the role are able to see the full Bank Account Number.
However, when they drill into the record they are unable to update the banking details – the field is greyed out.
Alternatively, if the configuration was changed from View (V) to Update (U), the user is then able to update the banking details in the application – the field is no longer greyed out.
Configurable UNMASKING applies only to data in the applications within JDE. All reports mask the banking details so that PDF copies (emailed or printed) or reports viewable in job queues do not unintentionally leave this data open to public consumption.
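The decision logic described above, modeled in Python as an added example (not Oracle or JDE code), useful for reasoning about who ends up seeing or updating bank accounts under a given rule set. The rule shape, the single sign-in role, the user, role and program names other than P0030A, and the placement of a program-only exception after user and role rules are assumptions; the user-over-role precedence, the masked default and always-masked reports come from the text.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed stand-in for the Oracle-defined program list in UDC 00/PI.
PROTECTED_PROGRAMS = {"P0030A"}

@dataclass(frozen=True)
class Rule:
    """One unmasking exception (hypothetical shape, not the P0040 table layout)."""
    program: str
    access: str                  # "V" = view only, "U" = view and update
    user: Optional[str] = None   # set for a user-specific exception
    role: Optional[str] = None   # set for a role-specific exception

def effective_access(rules, program, user, role, is_report=False):
    """Return "MASKED", "V", "U" or "NOT_COVERED" for one user and program."""
    if is_report:
        return "MASKED"                      # reports always mask the account
    if program not in PROTECTED_PROGRAMS:
        return "NOT_COVERED"                 # the feature does not apply here
    matches = [r for r in rules if r.program == program]
    # The USER ID setting takes precedence over the ROLE setting.
    for r in matches:
        if r.user == user:
            return r.access
    for r in matches:
        if r.user is None and r.role == role:
            return r.access
    # Assumption: a program-only exception is consulted last.
    for r in matches:
        if r.user is None and r.role is None:
            return r.access
    return "MASKED"                          # default when no exception matches

def program_wide_exceptions(rules):
    """Rules that unmask for every user and role: review these first."""
    return [r for r in rules if r.user is None and r.role is None]

# Constructed sample configuration (names are illustrative).
RULES = [
    Rule("P0030A", "V", role="APCLERK"),     # role may view only
    Rule("P0030A", "U", user="TREASURY1"),   # this user may also update
]
```

Running `program_wide_exceptions` over an exported rule list is a quick way to spot exceptions that unmask bank accounts for everyone who can open a program.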
This feature is available in Release 9.2 if you download the relevant ESU, or in Release 22 as part of the base offering.
For more information about making this feature available in your JDE system, contact us.