• Replies 10 replies
  • Subscribers 362 subscribers
  • Views 76 views
  • Users 0 members are here
Related

PCI de-scope

Robert Greig
$organization

Hi,

There is a discussion taking place between some of the UK venues at the moment regarding PCI-DSS and the possibility of de-scoping all card transactions or effective outsource the PCI compliance issues. We know that TNS now offer a Hosted Payment - Form model which requires both the TNSPay WebService API and the TNSPay Gateway's Hosted Payment and we were wondering how far Next Gen had gone in considering the new services and developments from payment providers, which may make PCI compliance cheaper, safer and less hassle.

Thanks,

Rob

 

Parents
  • $organization
    1024x768 Clean false false false EN-US X-NONE X-NONE MicrosoftInternetExplorer4

    Tom,

    The Science Museum has a functional, but inelegant way of processing gift cards. I say inelegant because it is does not seamlessly link Tessitura to our processor. We use a third party processor to enable our patrons to use their gift cards in our Explore Store, parking ramp and contracted food service. We use methods of payment to add value to and redeem gift cards. Processing, balance inquiries is done through a separate software. Please let me know if I can provide more details, though I think we may have talked at a conference?

    Thanks.

    Ray

     

    From: Tessitura Next Generation Forum [mailto:forums-nextgeneration@tessituranetwork.com] On Behalf Of Tom Brown
    Sent: Friday, April 08, 2011 11:12 AM
    To: rbernard@smm.org
    Subject: Re: [Tessitura Next Generation Forum] PCI de-scope

     

    Chuck,

    As you are looking at the Credit Card Server are you considering the issues around credit card company issued gift cards?  Right now we have not found a way to institute this kind of gift card setup for Tessitura. 

    This seems to be because the current credit card server and Tessitura Clients have no way to do the following:

    • querry available balances and then
    • easily split payments between the Gift Card and apply the remaining expences on another Credit Card or more gift cards.

    To be the most help, we would have to be able to do the above from both the Box Office and on the Web. 

    Is this sort of functionality on the "Radar Screen"?

    --Tom

    From: Chuck Reif <bounce-chuckreif3941@tessituranetwork.com>
    Sent: 4/8/2011 10:48:35 AM

    I think Keith is somewhat correct in his reading of the Network update item on the new credit card server.  It is one of our goals to have a completely "hands off" method to deal with credit cards in order to remove the onus of PA-DSS certification for the software.  In fact our team had a meeting this week with our security auditors to discuss that very topic (among others).  The new credit card server is one step towards that because it gives us more options for ways to address payment processors.  I understand that what you are talking about specifically is a 3rd party hosted window so that the application never even touches (much less stores) that credit card data and we are looking at that as well.  That approach does add some simplicity to the process but also poses some integration challenges because of the "commit" problem.  What happens if you authorize a card through a totally separate window and then you never save the order?  And if you want to do recurring payments (automatic credit card billing) then we have to store some pointer to the credit card stored in a 3rd party system.  All solvable problems but ones that add to the complexity.

    Thanks for the comments and for keeping the conversation going.




    You were sent this message automatically by www.tessituranetwork.com because you subscribed to the Tessitura Next Generation forum email notifications. You may reply to this message or visit the site to reply to the post above. If replying via email, please consider deleting the previous message text before sending to help with readability on the site. Thank you!

Reply
  • $organization
    1024x768 Clean false false false EN-US X-NONE X-NONE MicrosoftInternetExplorer4

    Tom,

    The Science Museum has a functional, but inelegant way of processing gift cards. I say inelegant because it is does not seamlessly link Tessitura to our processor. We use a third party processor to enable our patrons to use their gift cards in our Explore Store, parking ramp and contracted food service. We use methods of payment to add value to and redeem gift cards. Processing, balance inquiries is done through a separate software. Please let me know if I can provide more details, though I think we may have talked at a conference?

    Thanks.

    Ray

     

    From: Tessitura Next Generation Forum [mailto:forums-nextgeneration@tessituranetwork.com] On Behalf Of Tom Brown
    Sent: Friday, April 08, 2011 11:12 AM
    To: rbernard@smm.org
    Subject: Re: [Tessitura Next Generation Forum] PCI de-scope

     

    Chuck,

    As you are looking at the Credit Card Server are you considering the issues around credit card company issued gift cards?  Right now we have not found a way to institute this kind of gift card setup for Tessitura. 

    This seems to be because the current credit card server and Tessitura Clients have no way to do the following:

    • querry available balances and then
    • easily split payments between the Gift Card and apply the remaining expences on another Credit Card or more gift cards.

    To be the most help, we would have to be able to do the above from both the Box Office and on the Web. 

    Is this sort of functionality on the "Radar Screen"?

    --Tom

    From: Chuck Reif <bounce-chuckreif3941@tessituranetwork.com>
    Sent: 4/8/2011 10:48:35 AM

    I think Keith is somewhat correct in his reading of the Network update item on the new credit card server.  It is one of our goals to have a completely "hands off" method to deal with credit cards in order to remove the onus of PA-DSS certification for the software.  In fact our team had a meeting this week with our security auditors to discuss that very topic (among others).  The new credit card server is one step towards that because it gives us more options for ways to address payment processors.  I understand that what you are talking about specifically is a 3rd party hosted window so that the application never even touches (much less stores) that credit card data and we are looking at that as well.  That approach does add some simplicity to the process but also poses some integration challenges because of the "commit" problem.  What happens if you authorize a card through a totally separate window and then you never save the order?  And if you want to do recurring payments (automatic credit card billing) then we have to store some pointer to the credit card stored in a 3rd party system.  All solvable problems but ones that add to the complexity.

    Thanks for the comments and for keeping the conversation going.




    You were sent this message automatically by www.tessituranetwork.com because you subscribed to the Tessitura Next Generation forum email notifications. You may reply to this message or visit the site to reply to the post above. If replying via email, please consider deleting the previous message text before sending to help with readability on the site. Thank you!

Children
No Data