Credit Card Handling in V12

Hi Michael,

As far as I’m aware, storage of credit card numbers hasn’t changed in v12 – no tokens that I’ve seen (we are live with v12). I too would be very interested in any information as to future plans for this.

Thanks,

David

From: Tessitura Technical Forum [mailto:forums-technical@tessituranetwork.com] On Behalf Of Michael Sampson
Sent: Tuesday, January 21, 2014 1:39 PM
To: David Frederick
Subject: [Tessitura Technical Forum] Credit Card Handling in V12

Hello,

I recall conversations about how credit card numbers will be stored and transmitted in the future as tokens. I have been looking for more information about this...can someone point me in the right direction?

Thank you....

Michael

This message was sent automatically to you by www.tessituranetwork.com because you subscribed to the Tessitura Technical Forum. You may reply to this message to post to the Technical forum or visit the site to search, read and post to the forums. In the interest of keeping the forum posts from becoming cluttered, we encourage you to delete previous message text from your reply before sending. Thank you!

I would be one happy camper if this was ready for 12.5!

From: Tessitura Technical Forum [mailto:forums-technical@tessituranetwork.com] On Behalf Of Chuck Reif
Sent: Thursday, January 23, 2014 10:10 PM
To: Gloria Ormsby
Subject: RE: [Tessitura Technical Forum] Credit Card Handling in V12

We're just about to start work on tokenization, first for Element users in North America and then for UK and ANZ users.  Not sure yet whether it will make it into v12.5 with Pricing Rules, or in the next release as we're not totally sure of the complexity yet.  Understand, however, that there is a cost for storing cards as tokens that you pay (to Element in this case) on a per card/per month basis.  So you would probably only want to store cards that you use for recurring payments (like pledge billing) in this way.  And choose not to store other cards at all. 

Thanks Chuck! This is good to hear, and thank you for the heads-up in regards to the cost of using tokens.

From: Tessitura Technical Forum [mailto:forums-technical@tessituranetwork.com] On Behalf Of Chuck Reif
Sent: Thursday, January 23, 2014 7:11 PM
To: David Frederick
Subject: RE: [Tessitura Technical Forum] Credit Card Handling in V12

We're just about to start work on tokenization, first for Element users in North America and then for UK and ANZ users.  Not sure yet whether it will make it into v12.5 with Pricing Rules, or in the next release as we're not totally sure of the complexity yet.  Understand, however, that there is a cost for storing cards as tokens that you pay (to Element in this case) on a per card/per month basis.  So you would probably only want to store cards that you use for recurring payments (like pledge billing) in this way.  And choose not to store other cards at all. 

I’m wondering how we would process show cancellations. Would that process automatically refund the credit card based on the transaction ID? Or would we need to call each customer to get their credit card information to process the refunds manually?

From: Tessitura Technical Forum [mailto:forums-technical@tessituranetwork.com] On Behalf Of Susie Terada
Sent: Wednesday, February 11, 2015 7:53 PM
To: Gloria Ormsby
Subject: RE: [Tessitura Technical Forum] Credit Card Handling in V12

Hi Chuck,

I listened in on today's webinar on software developments but want to make sure I heard correctly. Is tokenization confirmed for v12.5?

Thank you!

Here is a link to our privacy and security policy. We spell out our measures.

http://www.flynntix.org/Privacy.aspx

From: Tessitura Technical Forum [mailto:forums-technical@tessituranetwork.com] On Behalf Of Nick Reilingh
Sent: Wednesday, March 02, 2016 12:57 PM
To: Gloria Ormsby
Subject: RE: [Tessitura Technical Forum] Credit Card Handling in V12

Hi Aaron,

I can empathize with this. Some people care very strongly that their data is being properly safeguarded, and this is entirely reasonable given current events, and the typical state of data security (or lack thereof) in the industry.

The concept that everyone should understand is that "security by obscurity" is not a valid way of doing business. That is, the specific encryption algorithm being used is not a secret that is protecting that data. Knowing which algorithm is in use only gives an attacker leverage if that algorithm is flawed in some way. The way encryption works is that a secret key unique to each organization is actually what protects the data. The methods and algorithms by which Tessitura uses this key should be public knowledge to the Tessitura IT community so that it can be scrutinized, such that we all have a high degree of confidence that the techniques employed are best practices and do not use any outdated algorithms that have been shown to be breakable or flawed.

Now, for your customer, it may be the case that you simply need to tell him that your software conforms to PCI security standards of data encryption, and whether your organization houses card data or uses tokenization. But you before you can do that (in the former case), you would want to understand what PCI-DSS actually requires of the software and your organization, and have a technical understanding of the algorithms in use.

Any DBA at your organization is capable of reverse-engineering and documenting this algorithm, but I for one would like to see the Network release a white paper to the Tessi IT community that specs this out for us. Something as important as card encryption should be fully documented and scrutinized, and our community should expect nothing less. If you are a self-hosted Tessitura installation and experience a data breach, the blame is on your organization, not on the Network.