PCI de-scope

Hi all,

Just on the point of automatic credit card billing. If like us you always require  the CV2 number, but then you can’t save this number in Tessitura, doesn’t this function become obsolete in the UK?

I think Keith is somewhat correct in his reading of the Network update item on the new credit card server.  It is one of our goals to have a completely "hands off" method to deal with credit cards in order to remove the onus of PA-DSS certification for the software.  In fact our team had a meeting this week with our security auditors to discuss that very topic (among others).  The new credit card server is one step towards that because it gives us more options for ways to address payment processors.  I understand that what you are talking about specifically is a 3rd party hosted window so that the application never even touches (much less stores) that credit card data and we are looking at that as well.  That approach does add some simplicity to the process but also poses some integration challenges because of the "commit" problem.  What happens if you authorize a card through a totally separate window and then you never save the order?  And if you want to do recurring payments (automatic credit card billing) then we have to store some pointer to the credit card stored in a 3rd party system.  All solvable problems but ones that add to the complexity.

Thanks for the comments and for keeping the conversation going.

Thanks Keith – We are particularly interested in de-scoping PCI which I don' t think the covers

You were sent this message automatically by www.tessituranetwork.com because you subscribed to the Tessitura Next Generation forum email notifications. You may reply to this message or visit the site to reply to the post above. If replying via email, please consider deleting the previous message text before sending to help with readability on the site. Thank you!

Hi all,

Just on the point of automatic credit card billing. If like us you always require  the CV2 number, but then you can’t save this number in Tessitura, doesn’t this function become obsolete in the UK?

I think Keith is somewhat correct in his reading of the Network update item on the new credit card server.  It is one of our goals to have a completely "hands off" method to deal with credit cards in order to remove the onus of PA-DSS certification for the software.  In fact our team had a meeting this week with our security auditors to discuss that very topic (among others).  The new credit card server is one step towards that because it gives us more options for ways to address payment processors.  I understand that what you are talking about specifically is a 3rd party hosted window so that the application never even touches (much less stores) that credit card data and we are looking at that as well.  That approach does add some simplicity to the process but also poses some integration challenges because of the "commit" problem.  What happens if you authorize a card through a totally separate window and then you never save the order?  And if you want to do recurring payments (automatic credit card billing) then we have to store some pointer to the credit card stored in a 3rd party system.  All solvable problems but ones that add to the complexity.

Thanks for the comments and for keeping the conversation going.

Thanks Keith – We are particularly interested in de-scoping PCI which I don' t think the covers

You were sent this message automatically by www.tessituranetwork.com because you subscribed to the Tessitura Next Generation forum email notifications. You may reply to this message or visit the site to reply to the post above. If replying via email, please consider deleting the previous message text before sending to help with readability on the site. Thank you!