We are progressively reducing the amount of credit cards we store and are attempting to switch to not storing at all beginning June 1st.
One question that's come up since our discussion is regarding the Kiosks - if we were to set CC_Store_Account to No so that credit cards are not automatically stored, what do we do with the Kiosks that require the patron to swipe their credit card to print their tickets?
Believe our Kiosks are set up to only check the last 4 digits and that as long as this is recorded in the payment the kiosk was picking up on this.
This has worked for us online where we don't store credit cards in Tessitura but do store the last 4 digits.
Mark
That can't be true, the last four digits aren't unique.
Deleting credit cards shortly after initial use isn't a PCI panacea. You are still entering and transmitting them, which is a large part of your exposure. If you are not going to store any credit cards, how do you plan on processing refunds?
We don't provide refunds - our policy is to 1 - Exchange, 2 - Ticket Voucher valid for 3 months, 3 - Ticket Voucher valid for 1 year, 4 - On Account, 5 - Gift Certificate. Very rarely do we have to provide a refund and if it were necessary then we'd simply ask the patron to provide their credit card for refund.
We don't have kiosks, but on the refund front we don't store any credit card numbers at all on our system, and if we need to refund (which only happens if a show cancels) we call the customer to follow up on the refund.
Caryl