CardConnect’s Oracle-validated integration for E-Business Suite tokenizes all payment data at the point of entry, drastically reducing the scope of PCI. With industry-leading tokenization and powerful point-to-point encryption, CardConnect provides the best security measures in the payments industry.

  • Minimize PCI Scope
    Tokenization and PCI-certified P2PE provides the ultimate reduction of PCI scope, while keeping your customers’ sensitive information safe and secure.
  • Intelligent Tokenization
    CardConnect’s CardSecure protects the card data and PII within your Oracle system with multi-use, single vendor, irreversible tokens – compliant with PCI-DSS and state regulations.
  • Secure Vault
    CardConnect sanitizes your Oracle system of card numbers and places them in an ultra-secure off-site PCI compliant vault.

Oracle Integration FAQs

General FAQs

Is the CardConnect solution Oracle validated?

Yes, CardConnect is an Oracle Gold Level Partner. Details about our validation are available on our Oracle Partner Network page.

What Oracle reports are available for credit card transactions?

Oracle includes several reports that provide valuable detail regarding transactions. We recommend using the following reports:

  • Automatic Receipt and Remittance Execution Report
  • Automatic Receipt Batch Management Report
  • Remittance Batch Management Report
  • Automatic Receipt Awaiting Confirmation Report
  • Transaction Awaiting Consolidation Report
  • Unapplied and Unresolved Receipt Register
  • Receipts Awaiting Remittance Report
  • Transaction Summary Report

In addition, as part of the Oracle R12 CardConnect solution, you will receive a report to view the data points from Order Management, Accounts Receivables, and CardConnect specific details.

The CardPointe Web App and CardPointe Gateway API provide additional reporting and transaction management utilities.

What is a token?

A token is the replacement of the sensitive data with a non-sensitive representation of that data point.

Is the token always the same value for each payment card?

We offer customers the option to have persistent tokens. This reuses the same token every time the card is used.

For our SAP customers, we offer one-time use tokens. This generates a new token each time the card is used.

What does P2PE stand for and why is it important to me?

P2PE (point-to-point encryption) is an encryption standard established by the Payment Card Industry (PCI) Security Standards Council. In a P2PE solution, data is encrypted at the point of interaction (for example, a card reader device) and remains encrypted until it reaches the payment processor. Visit the PCI Security Standards Council's Point-to-Point Encryption (P2PE) Solutions page for more information.

Capturing card data using a P2PE validated device like the SREDkey can greatly increase security, as well as potentially reduce your organization's PCI scope.

I'm not taking credit cards in Oracle today. What new programs will I have to execute to process a credit card payment?

The steps required to process the Capture for a transaction are:

  • Automatic Receipt Master Program
  • Automatic Remittance Master Program
  • Funds Capture Process (included in the Remittance Master Program for 11i).

This is standard functionality and more details on the flow are available at Oracle's Document Library. We suggest reviewing the following Oracle documents:

Does the CardConnect solution provide a way to restrict credit cards from being entered into the Oracle credit card fields?

Yes, CardConnect's solution includes a feature that you can implement in your Oracle R12 system to restrict credit card numbers from being entered into the credit card number field, and to only allow tokens to be entered into that field.

Setup FAQs

What type of call is occurring from the Web Tokenizer to retrieve the token value?

The Web Tokenizer can be accessed via a merchant’s web browser by entering a card number into the web application screen and invoking an HTTPS call to the CardSecure server to tokenize the card number and utilizing java code the token value is posted back into the Oracle system.

Is the CardConnect Solution implementing custom code in Oracle to accept tokens and utilize the CardConnect gateway?

No, CardConnect’s Validated Integration utilizes the standard credit card column in Oracle and replaces it with a token, and then this value passes over the standard Oracle Gateway Technology.

How do I configure a new receipt class?

Authorization FAQs

When does an order Authorize?

When an order begins in Order Management, it authorizes in real-time using Oracle Payments once the order is booked. When an order originates in Receivables, it uses Oracle Payments to capture the required payment details to obtain an authorization. For more details, please refer to Oracle's Payments User Guide.

Does an authorization reserve the funds?

An authorization will validate that the funds are available to be used and hold the funds for five days. If the funds are not captured in five days, the processor will release them. These are standard credit card processing guidelines.

How long is an authorization valid for?

Authorizations for Visa, Mastercard and Discover cards remain valid for 7 days, while authorizations for American Express cards remain valid for 30 days.

While authorizations remain valid for the periods specified above, transactions are more likely to encounter higher transaction fees as the time between authorization and capture increases. We recommend to capture funds for card-present transactions (cards swiped or inserted into a card reader device) within 24 hours, and capture funds for card-not-present transactions (card data manually entered using Web Tokenizer, iFrame Tokenizer, or SREDkey keypad) within 72 hours to avoid interchange downgrades.

Can we void authorizations?

Oracle Payments no longer supports void transactions, so in order to void authorization requests the system will submit a modified authorization request to change the authorization amount to zero dollars to release the funds. This feature is available for customers who run Oracle 12.2 as the feature is not available for Oracle 11i or 12.1.3. Oracle customers on 11i or 12.1.3 these customers can utilize the CardConnect UI to void the authorization or the can utilize the Oracle functionality to cancel the line, which will ensure that the transaction is not captured but it will leave the authorization open until it expires. It's important to note void transactions can take a few days to complete the void on the card holder cards depending on the processor.

Capture FAQs

What General Ledger-specific details will the transaction hit?

As part of the Oracle configuration, the customer creates a new receipt method in Accounts Receivable. This receipt method defines the general ledger accounts that each transaction in the credit card process should use.

CardConnect typically sees the following General Ledger’s used:

  • Pending Accounts Receivable (AR)
  • Cash In Transit
  • Cash on Hand

What Accounts Receivable steps must be completed to submit a credit card for capture?

The following Accounts Receivable steps must be completed to submit a credit card for capture:

  • Automatic Receipt Master Program
  • Automatic Remittance Master Program
  • Submit Offline Transactions
    • Submit Offline Transactions is only required for Oracle R12 Customers. Oracle 11i includes this step as part of the Automatic Remittance Master Program.

How do I pay multiple invoices simultaneously?

Oracle allows you to create a credit memo and apply the necessary invoice(s) to this credit memo. Once the credit memo is created, it will run through the remaining out of the box programs to complete capture steps for receipt, remittance, funds, and capture.

How do I pay a past due invoice that was originally to be paid via check/cash and the customer wants to pay via credit card?

Oracle allows the receipt method to be updated and the credit card payment instrument and details to be applied, once this occurs and the invoice is eligible for capture the receipt will be created and submitted through the remaining steps to capture. Eligible invoices mean that their due date less than or equal to today’s date.

Can we add freight after the original Authorization is created?

Yes, Oracle will manage this incremental change via a new receipt for that amount. To capture the additional funds, the invoice will only be for the full amount.

How do I only use one card supplied by the customer to pay multiple invoices?

Oracle allows the customer to create a credit memo and apply the necessary invoice(s) to this credit memo. Once the credit memo is created, it will run through the remaining out of the box programs to complete capture steps for receipt, remittance, funds, and capture.

Can we continue using Automatic Clearing for receipts with the CardConnect solution?

Yes. For those who are eligible, CardConnect offers the CardDeposit feature. CardDeposit provides an automatic reconciliation process as a replacement to the time-consuming and error-prone process of manual reconciliation.

Contact your sales representative for more details.

What does it mean when a receipt is in the "Confirmed" status?

It means that the receipt has not yet been sent for Capture. The following scenarios may apply to the transaction:

  • The Automatic Remittance Master Program has not yet processed the receipt.


  • The receipt is in error and is waiting for a team member to review. These errors can be managed from the Menu function "Correct Funds Transfer Errors" (Oracle R12) or "Correct Credit Card Errors" (Oracle 11i).

    It's a best practice to review errors on a daily basis to align with the concurrent programs running to create new receipt.

SSL Certificate Update

Our SSL certificate has been updated with a new expiration date. Please refer to Oracle SSL Certificate Update to see if this impacts your Oracle EBS instance.