• Replies 30 replies
  • Subscribers 341 subscribers
  • Views 88 views
  • Users 0 members are here
Related

Element Deletes Transactions After 120 Days – A Potential Refunding Nightmare

Cliff Bailey
$organization

We recently switched to Element and so far, for the most part, it has been running smoothly. However, we recently found that Element only keeps transactions in their system for 120 days. This was not obvious to us in any documentation we had and is not included as part of the installation process. I’m sure it’s out there somewhere but suffice it to say, we didn't see it.

That means after 120 days you can’t process a refund as you normally would in Tessitura because refunds are based on transactions. If the transaction has been removed from Element it can’t be referenced and an error will be generated upon authorization.

If we needed to do a refund to a patron’s credit card after 120 days we can’t actually process the refund in Tessitura which would leave us with two options according to Element when I spoke with them at the conference. First, we could issue the credit to their account for another performance. This is basically a no-go for us. We don’t want to anger the patron by not crediting their card back in the case of an issue being our fault. Our second option would be to call Element and have them do a “blind credit”. In that case, we would need to provide the credit card information, which we would have to call the patron to obtain, and then tell Element how much to credit to the account. This is the process we would have to use.

It may not be obvious why this is a problem and at first I didn't think it was either. So every now and again we might have to get a patron’s credit card information and then put in a call to Element, no big deal. Then our director of ticketing brought up show cancellations. This happens more often than I thought it did and we often start selling shows more than 120 days out.  

I wrote a query to see how bad of a problem this could potentially be. There were 314 shows since the 2012-2013 season that had tickets bought more than 120 days before the show. 41 of those shows sold to 100+ patrons (not tickets, but patrons) before that mark. One of them sold to 505 patrons before that mark. That show took place just last year and was at an outdoor venue which can be a volatile situation.

If that show would have had to cancel day of or the day before our organization would have needed to have contact with 505 patrons, get their credit card information, and then call Element to have each one credited. Right now, to my understanding, other than on account credits (again, a no-go) we have no other option.

Element is not going to change their practice of deleting transaction after 120 days. We are but a small segment of a very high security business. The only fix, according to Element, would be for Tessitura to implement a way for blind credits to be processed within the application.

We're basically waiting for Tessitura to issue a fix to this and we can't know for sure when that will be or if they even plan on doing it. Blind credit processing could be a security risk as a person could issue a credit to a card without a transaction being associated. This means an unscrupulous person could issue blind credits in order to steal from the organization. I’m sure Tessitura would be hesitant to implement it and so I don't expect it any time soon if ever (here’s hoping I'm wrong!)

Does anybody have any ideas on what could be done about this? I'm hoping I've just missed something.

Thanks!



[edited by: Cliff Bailey at 8:59 AM (GMT -6) on 26 Aug 2015]
Parents
  • $organization

    It seems as if some clarification is needed here and I hope this helps. 

    Tessitura has always had the ability to store credit cards and we are PA-DSS certified to continue to do that.  Nothing in any new version of Tessitura has changed this ability.  It has also always been the case that some sites have preferred not to store card data and we have the ability to configure the software to do that as well.

    New functionality in v12.1 and v12.5 provides additional new options available for card handling.  Following is a summary of the options currently available.

    1. You can continue to store credit cards as you have done in the past, using them for refunds and automated billing when necessary.
    2. You can decide not to store any credit card data on your system at all.
    3. You can decide not to store actual card data and instead decide to tokenize the cards that you use for automated billing.  This allows you to continue to do automated billing without storing card data.   There is a token storage fee for Element users.  Tokenization is not currently an option for TNS users in the UK and Ireland.
    4. Cards that are tokenized in Tessitura can be used for all of the same purposes that regularly stored cards are.  That means that you can select a tokenized card from the list of stored credit cards and refund directly to it.
    5. Regardless of whether you store any credit card data in Tessitura, Element users in North American can also refund credit card transactions back to the original card by using the Refund by Transaction number feature.  Element’s retention policy for this feature is to store the transaction reference and card data for 120 days.  Payment Express users also have this ability for most transaction types.
    6. If you elect to neither store the card information or tokenize, then you have increased security but have left yourself in a position of not having access to card information after 120 days, in which case you would have to contact the customer if a refund were necessary.

    I want to make it clear that we have not taken away any existing functionality for credit card handling—just provided some new options.  These new options do have some limitations because each of them are designed to provide greater levels of security.

    V12 also introduced support for encrypted card readers—this option was also designed to provide additional security and ease of PCI compliance by keeping credit card data off of your network.  However, these new types of secured readers are not required—you can continue to use your existing card swipes.  Doing so does mean that unencrypted card data is transmitted on your network as it has always been.

    It is possible that future security regulations may force us to restrict the options available in Tessitura for card storage and handling.  But at the moment, we are providing only additional capability to provide you with more options.  Data security, and in particular payment data security, is something that we take very seriously and so we are always studying and participating in best practices in this area.


    Hope this information helps explain things.




    [edited by: Chuck Reif at 2:06 PM (GMT -6) on 26 Aug 2015]
Reply
  • $organization

    It seems as if some clarification is needed here and I hope this helps. 

    Tessitura has always had the ability to store credit cards and we are PA-DSS certified to continue to do that.  Nothing in any new version of Tessitura has changed this ability.  It has also always been the case that some sites have preferred not to store card data and we have the ability to configure the software to do that as well.

    New functionality in v12.1 and v12.5 provides additional new options available for card handling.  Following is a summary of the options currently available.

    1. You can continue to store credit cards as you have done in the past, using them for refunds and automated billing when necessary.
    2. You can decide not to store any credit card data on your system at all.
    3. You can decide not to store actual card data and instead decide to tokenize the cards that you use for automated billing.  This allows you to continue to do automated billing without storing card data.   There is a token storage fee for Element users.  Tokenization is not currently an option for TNS users in the UK and Ireland.
    4. Cards that are tokenized in Tessitura can be used for all of the same purposes that regularly stored cards are.  That means that you can select a tokenized card from the list of stored credit cards and refund directly to it.
    5. Regardless of whether you store any credit card data in Tessitura, Element users in North American can also refund credit card transactions back to the original card by using the Refund by Transaction number feature.  Element’s retention policy for this feature is to store the transaction reference and card data for 120 days.  Payment Express users also have this ability for most transaction types.
    6. If you elect to neither store the card information or tokenize, then you have increased security but have left yourself in a position of not having access to card information after 120 days, in which case you would have to contact the customer if a refund were necessary.

    I want to make it clear that we have not taken away any existing functionality for credit card handling—just provided some new options.  These new options do have some limitations because each of them are designed to provide greater levels of security.

    V12 also introduced support for encrypted card readers—this option was also designed to provide additional security and ease of PCI compliance by keeping credit card data off of your network.  However, these new types of secured readers are not required—you can continue to use your existing card swipes.  Doing so does mean that unencrypted card data is transmitted on your network as it has always been.

    It is possible that future security regulations may force us to restrict the options available in Tessitura for card storage and handling.  But at the moment, we are providing only additional capability to provide you with more options.  Data security, and in particular payment data security, is something that we take very seriously and so we are always studying and participating in best practices in this area.


    Hope this information helps explain things.




    [edited by: Chuck Reif at 2:06 PM (GMT -6) on 26 Aug 2015]
Children
No Data