Encrypted card devices and recurring payments

We are a RAMP client and are looking at our PCI scope. We thought that installing encrypted card readers and keypads would reduce our scope. I have just been in contact with support and found out that encrypted devices never store the credit card number in the Tessitura database. It goes directly to Vantiv. This is great for PCI, but means that there is no credit card in Tessitura to use for monthly membership billing. A credit card has to be in the Tessitura database before it can be tokenized, so tokenization does not solve this problem either. Our IT guy wants to know what other organizations are doing about this. Any help? Thanks.
  • Hi Lou,

    Tokenization is what you need and that can be done without the card ever hitting Tessitura; dealing with recurring payments is one key use case for tokenization.

    This image provides a good visual on how it works (source: http://blog.trendmicro.com/trendlabs-security-intelligence/files/2015/03/PoSRAMScrapers4.png):

    In a nutshell, Vantiv receives the encrypted cardholder data (and they hold the key to unlock it), they issue a token, and then that token is returned and stored in the Tessitura database. I hope this helps!

    Thanks,

    David

    From: Tessitura Technical Forum [mailto:forums-technical@tessituranetwork.com] On Behalf Of Lou Ambrose
    Sent: Wednesday, February 8, 2017 2:56 PM
    To: David Frederick <DFrederick@scfta.org>
    Subject: [Tessitura Technical Forum] Encrypted card devices and recurring payments

     

    We are a RAMP client and are looking at our PCI scope. We thought that installing encrypted card readers and keypads would reduce our scope. I have just been in contact with support and found out that encrypted devices never store the credit card number in the Tessitura database. It goes directly to Vantiv. This is great for PCI, but means that there is no credit card in Tessitura to use for monthly membership billing. A credit card has to be in the Tessitura database before it can be tokenized, so tokenization does not solve this problem either. Our IT guy wants to know what other organizations are doing about this. Any help? Thanks.




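The flow described in the reply above, sketched as an added example that is not part of the original posts and is not Tessitura or Vantiv code. The `Processor` class, the `merchant_db` dict standing in for the Tessitura database, the `tok_` token format and the SHA-256 keystream standing in for the reader's encryption are all assumptions for illustration; the card number is a standard test PAN.

```python
import hashlib
import secrets

def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Placeholder cipher (SHA-256 counter keystream); stands in for the reader's real encryption."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)

def reader_encrypt(device_key: bytes, pan: str) -> bytes:
    """Card reader: encrypts the PAN at swipe; the merchant only relays this blob."""
    nonce = secrets.token_bytes(12)
    return nonce + _keystream_xor(device_key, nonce, pan.encode())

class Processor:
    """Hypothetical stand-in for the processor: holds the key and the token vault."""
    def __init__(self, device_key: bytes):
        self._key = device_key
        self._vault = {}  # token -> PAN; never leaves the processor

    def tokenize(self, blob: bytes) -> str:
        nonce, ct = blob[:12], blob[12:]
        pan = _keystream_xor(self._key, nonce, ct).decode()
        token = "tok_" + secrets.token_hex(8)  # random, not derived from the PAN
        self._vault[token] = pan
        return token

    def charge(self, token: str, cents: int) -> dict:
        pan = self._vault.get(token)
        if pan is None:
            return {"approved": False, "reason": "unknown token"}
        return {"approved": True, "last4": pan[-4:], "cents": cents}

def enroll_membership(merchant_db: dict, member_id: str, blob: bytes, processor: Processor) -> None:
    """Merchant side: relay the encrypted blob, store only the returned token."""
    merchant_db[member_id] = {"token": processor.tokenize(blob)}

def bill_monthly(merchant_db: dict, member_id: str, cents: int, processor: Processor) -> dict:
    """Recurring billing uses the stored token; no card number is kept on file."""
    return processor.charge(merchant_db[member_id]["token"], cents)

if __name__ == "__main__":
    key = secrets.token_bytes(32)  # constructed key, known to reader and processor only
    proc, db = Processor(key), {}
    enroll_membership(db, "member-1", reader_encrypt(key, "4111111111111111"), proc)
    print(db, bill_monthly(db, "member-1", 1500, proc))
```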
