I use Pledge Billing and Membership Auto Renewal to process our sustaining memberships - people who give monthly, quarterly, or yearly on an on-going basis. However, this means that we have to store credit card #'s in Tessitura. We are looking at alternatives so that we don't have to store those numbers thereby making PCI compliance easier. Does anyone do sustaining memberships and/or pledge billing a different way, avoiding the need to store #'s in Tessitura?
I'd hate to lose the ability to use this functionality in Tessitura - it has worked very well for me - so I'd love to hear from anyone else who is running into this issue, and how you have responded to IT/security concerns.
Odele Peter
Development Database Coordinator
Flynn Center for the Performing Arts
I believe the Tessitura application & database, etc...are PCI compliant in and of themselves - so as long as it is configured with the recommended settings such as encrypt the cc#'s, security accounts to mask the full number in the client then Tessitura itself won't be your PCI headache and is basically already compliant.
Getting the rest of your environment compliant: networking, firewall, and physical processes are what you'll need to be focusing on.
Good luck!