We recently upgraded to v12.5. Now all users who have access to Transactions tab>>Credit Cards radio button can see the first six digits and the last four digits of any credit card number. In v12 they could only see the last four digit which we had restricted using the following security object from the v12 security module:
Now we don't see this security object in v12.5 security module and also searching v12.5 T_APP_OBJECTS table doesn't return this object.
Am I missing something here? Does anybody know how to hide full credit card numbers (except the last four digits) in Tessitura client in v12.5? I thought I would ask here first before I open a ticket or start digging through the documentation. May be some of you can tell me off the top of your head. Thanks for any help!
Best,
Mo
Mo,
To continue to reduce exposure we have removed the rights to see the full card in 12.5 as part of the upgrade which is why you see the security object removed from the application. Seeing the first 6 and last 4 is an enhancement we have added in some cases in 12.5 (look for more options for this moving forward). Viewing the first 6 is the same level of compliance as seeing just the last 4 and can assist with searching and identifying cards.
Anna
Anna,
I would also be interested in finding out how to hide the First 6 from showing for Credit Card numbers for our staff. I think a few of them feel uncomfortable seeing the more numbers now that they are there.
Nick, did you find anything?
Thanks, both!
Hi John,
Haven't learned anything new; just decided to include a training component for my staff that explains what the deal is with credit card numbers -- why they shouldn't feel uncomfortable about this, but also why they shouldn't communicate with a customer about anything other than the last four.
Thanks, Nick! I think we will implement the same here unless I find anything. Should that be the case, I promise to share.
Hi John and Nick -
I just wanted to reiterate that displaying the first 6 and last 4 digits of a CC, while strange to those of us who are used to being restricted to the last four only, is now industry standard for PCI compliance. In case you want/need any talking points, I'll expound on this below.
Our software recently passed it's PA-DSS audit against the following PA-DSS rule:
2.2 Mask PAN when displayed (the first six and last four digits are the maximum number of digits to be displayed), such that only personnel with a legitimate business need can see the full PAN.
This corresponds to section 3.3 of the PCI-DSS rules, p.37 which is probably what you are audited against:
3.3 Mask PAN when displayed (the first six and last four digits are the maximum number of digits to be displayed), such that only personnel with a legitimate business need can see the full PAN.
So while strange to those of us who have been used to the last four digit limit of the past, the first 6 + last 4 rules are now becoming industry standard as it is still secure but allows for the ability to research and verify transactions. In the world of too many credit cards, the last four digits was not *enough* information to be able to uniquely identify a card and so was born the first 6 last 4 combo. You'll probably notice that this is becoming more common on store and restaurant card readers as well.
I hope that helps you soothe any anxieties about the new visibility and world order!
Cheers,
Heather
So - silly question here, but I'm getting asked this a lot lately - is there no way to ever see the entire credit card number, should such a need arise?