House seat orders...

OK, I am a bit stymied at the moment and looking for potential solutions. We have a donor desk which purchases tickets to NY and London theatres. The NY and London producers are adamant about receiving house seat orders via email, which we all know is both illegal in many states and goes against almost all of the current PCI rules.

Does anyone have a solution as to how to handle the requests in a way that doesn't piss off the NY and London producers and also meets basic PCI requirements?

Any ideas here would be helpful.  We have come up with a few but many have other drawbacks.

Thanks,

Dave Alton
CIO
Center Theatre Group

  • Hi Dave,

    This is probably a solution you already considered, but I'll mention it just in case... There are secure email portals that keep the entire message encrypted using SSL. One solution I've seen Element Payment Services use for sending confidential data is this one: http://www.zixcorp.com/documents/datasheets/ZixMail.pdf. Essentially, after the message is securely sent, the recipient receives an email with a link that takes them to a web portal. After authenticating, the recipient picks up the message in an HTTPS session via the browser. I've only been on the receiving end, but found it to be easy to use.

    In theory, it meets the PCI requirement 4 that deals with cryptography and security protocols when transmitting sensitive data; however, it potentially has flaws. For example, how long are old messages cached on the host's server? Perhaps they have a way to automatically wipe messages based on age. I wish you the best in finding a solution!

    Thanks,
    David