Hi,
There is a discussion taking place between some of the UK venues at the moment regarding PCI-DSS and the possibility of de-scoping all card transactions or effective outsource the PCI compliance issues. We know that TNS now offer a Hosted Payment - Form model which requires both the TNSPay WebService API and the TNSPay Gateway's Hosted Payment and we were wondering how far Next Gen had gone in considering the new services and developments from payment providers, which may make PCI compliance cheaper, safer and less hassle.
Thanks,
Rob
Hi Rob,
I see this is covered here: http://www.tessituranetwork.com/network/About/Network%20News/Network%20Newsletters/2011_April.aspx?utm_source=NetworkUpdate&utm_medium=email&utm_campaign=April2011
Thanks Keith – We are particularly interested in de-scoping PCI which I don' t think the covers
I think Keith is somewhat correct in his reading of the Network update item on the new credit card server. It is one of our goals to have a completely "hands off" method to deal with credit cards in order to remove the onus of PA-DSS certification for the software. In fact our team had a meeting this week with our security auditors to discuss that very topic (among others). The new credit card server is one step towards that because it gives us more options for ways to address payment processors. I understand that what you are talking about specifically is a 3rd party hosted window so that the application never even touches (much less stores) that credit card data and we are looking at that as well. That approach does add some simplicity to the process but also poses some integration challenges because of the "commit" problem. What happens if you authorize a card through a totally separate window and then you never save the order? And if you want to do recurring payments (automatic credit card billing) then we have to store some pointer to the credit card stored in a 3rd party system. All solvable problems but ones that add to the complexity.
Thanks for the comments and for keeping the conversation going.
Chuck,
As you are looking at the Credit Card Server are you considering the issues around credit card company issued gift cards? Right now we have not found a way to institute this kind of gift card setup for Tessitura.
This seems to be because the current credit card server and Tessitura Clients have no way to do the following:
To be the most help, we would have to be able to do the above from both the Box Office and on the Web.
Is this sort of functionality on the "Radar Screen"?
--Tom