Step 1: Setup Your Corporate Card Feed
Contact your company’s bank and ask them to enable a standard feed for your credit card transactions. They’ll ask you to provide some details:
- How often you want the feed
- Where to deliver the CSV file
Nightly delivery of the feed is pretty common, and is part of Coupa’s default configuration, so that’s what we suggest. The file needs to be hosted on an SFTP, either ours, or the feed providers.
|
Method |
Description |
|---|---|
|
Coupa hosted SFTP site (preferred) |
Production and Implementing clients: Please reach out to your Coupa implementation manager once the Integration project has been signed and kicked off. Be sure to include the following information
We’ll provide information to the provider so they can access our SFTP. |
|
Provider or client hosted SFTP |
In this case, there is some paperwork, but we are mainly passing them information to get into the site. The provider will set up an SFTP site and send some paperwork back to the client and Coupa. |
If the file is going to be hosted on Coupa’s SFTP site at sftp-site.coupahost.com, following folders will be created
- [CustomerName]CorpCard/[CardProvider]CorpCardTest
- [CustomerName]CorpCard/[CardProvider]CorpCardProd
Sign in to the site at username@sftp-site.coupahost.com. Create different accounts for test and production and ensure they have different credentials. If you don’t have credentials to sign in, contact Coupa support to get some.
PCI Compliance
Coupa offers customers the ability to deploy their Coupa instance in a PCI Compliant environment. Customers within this environment can work with their Coupa services engagement manager to receive approval for Corporate Card providers and banks to send full PAN (Primary Account Number) to the customer's instance using standard sFTP integration.
For customer instances that do not reside in a PCI Compliant environment, Coupa works with Corporate Card providers, banks, and our customers to ensure clear text PAN is not included in the transaction files. From a compliance standpoint, account numbers are the only sensitive data transmitted, which is why we require masking of account numbers in the files provided to Coupa, with no exception. This removes sensitive data from the provider file, from being transmitted in our sfTP, and from being stored in Coupa.
When working with a bank or corporate card file provider, all account numbers must be masked in the file.
If the customer has a VISA or Mastercard card program, we recommend masking the account number to the last 4 digits. However, with only 4 digits, it can be easy to duplicate within a large employee base. For these larger customers, we generally recommend first 6 and last 4 digits.
If the customer has an American Express card program, the below options are available from their provider. We recommend starting with 5 digit masking. If customer analysis finds this results in account number duplication, they should move to 6 digits or finally 7 digits.
- 5 Digits Masking- The last 5 digits will be visible
- 6 Digits Masking- The last 6 digits will be visible
- 7 Digits Masking- The last 7 digits will be visible
- Fully Masked: All the digits are masked