• Replies 10 replies
  • Subscribers 337 subscribers
  • Views 73 views
  • Users 0 members are here
Related

Encrypted card devices and recurring payments

Lou Ambrose
$organization
We are a RAMP client and are looking at our PCI scope. We thought that installing encrypted card readers and keypads would reduce our scope. I have just been in contact with support and found out that encrypted devices never store the credit card number in the Tessitura databese. It goes directly to Vantiv. This is great for PCI, but means that there is no credit card in Tessitura to use for monthly membership billing. A credit card has to be in the Tessitura database before it can be tokenized, so tokenization does not solve this problem either. Our IT guy wants to know what other organizations are doing about this. Any help? Thanks.
Parents
  • Former Member
    Former Member $organization

    Typo…first sentence should say

     

    when you add a credit card to a customer’s account, you are “storing credit card data” in PCI terms

     

    I had inserted the word “not” but you actually are storing when you enter the card in manually. Unless you then tokenize them with the utility.

     

    From: Gloria Ormsby
    Sent: Thursday, February 09, 2017 3:35 PM
    To: 'Tessitura Technical Forum' <forums-technical@tessituranetwork.com>
    Subject: RE: [Tessitura Technical Forum] Encrypted card devices and recurring payments

     

    FYI…when you add a credit card to a customer’s account, you are not “storing credit card data” in PCI terms. That affects your scope. But the biggest thing that affects the scope is the method of sale. The PCI questionnaires are determined by HOW you process credit cards. There are questionnaires for online only, phone and mail only, but not one that is for both. That means you have to do Questionnaire D which is the longest one. However, if you are using tokens AND not storing any credit card data, then you can skip a lot of those questions.

     

     

     

    From: Tessitura Technical Forum [mailto:forums-technical@tessituranetwork.com] On Behalf Of Brian Parker
    Sent: Thursday, February 09, 2017 1:55 PM
    To: Gloria Ormsby <gormsby@flynncenter.org>
    Subject: Re: [Tessitura Technical Forum] Encrypted card devices and recurring payments

     

    Lou,

    We are also a RAMP client and when we manually enter a credit card for a gift or payment, the credit card information is stored on the constituent's record.

    We are able to create payment schedules which use the credit card on the constituent's record to process payments against a pledge on any kind of schedule.

    This is PCI compliant because six digits of the credit card number are anonymized in the Transactions tab -> Credit Cards radio button in Tessitura; plus, only authorized users accessing the database through a RAMP login, the RAMP token, and Tessitura login can get in.

    Let me know if I can better explain anything here.

    Thank you,

    Brian

    From: Lou Ambrose <bounce-louambrose6123@tessituranetwork.com>
    Sent: 2/8/2017 5:41:06 PM

    We are a RAMP client and are looking at our PCI scope. We thought that installing encrypted card readers and keypads would reduce our scope. I have just been in contact with support and found out that encrypted devices never store the credit card number in the Tessitura databese. It goes directly to Vantiv. This is great for PCI, but means that there is no credit card in Tessitura to use for monthly membership billing. A credit card has to be in the Tessitura database before it can be tokenized, so tokenization does not solve this problem either. Our IT guy wants to know what other organizations are doing about this. Any help? Thanks.




    This message was sent automatically to you by www.tessituranetwork.com because you subscribed to the Tessitura Technical Forum. You may reply to this message to post to the Technical forum or visit the site to search, read and post to the forums. In the interest of keeping the forum posts from becoming cluttered, we encourage you to delete previous message text from your reply before sending. Thank you!

Reply
  • Former Member
    Former Member $organization

    Typo…first sentence should say

     

    when you add a credit card to a customer’s account, you are “storing credit card data” in PCI terms

     

    I had inserted the word “not” but you actually are storing when you enter the card in manually. Unless you then tokenize them with the utility.

     

    From: Gloria Ormsby
    Sent: Thursday, February 09, 2017 3:35 PM
    To: 'Tessitura Technical Forum' <forums-technical@tessituranetwork.com>
    Subject: RE: [Tessitura Technical Forum] Encrypted card devices and recurring payments

     

    FYI…when you add a credit card to a customer’s account, you are not “storing credit card data” in PCI terms. That affects your scope. But the biggest thing that affects the scope is the method of sale. The PCI questionnaires are determined by HOW you process credit cards. There are questionnaires for online only, phone and mail only, but not one that is for both. That means you have to do Questionnaire D which is the longest one. However, if you are using tokens AND not storing any credit card data, then you can skip a lot of those questions.

     

     

     

    From: Tessitura Technical Forum [mailto:forums-technical@tessituranetwork.com] On Behalf Of Brian Parker
    Sent: Thursday, February 09, 2017 1:55 PM
    To: Gloria Ormsby <gormsby@flynncenter.org>
    Subject: Re: [Tessitura Technical Forum] Encrypted card devices and recurring payments

     

    Lou,

    We are also a RAMP client and when we manually enter a credit card for a gift or payment, the credit card information is stored on the constituent's record.

    We are able to create payment schedules which use the credit card on the constituent's record to process payments against a pledge on any kind of schedule.

    This is PCI compliant because six digits of the credit card number are anonymized in the Transactions tab -> Credit Cards radio button in Tessitura; plus, only authorized users accessing the database through a RAMP login, the RAMP token, and Tessitura login can get in.

    Let me know if I can better explain anything here.

    Thank you,

    Brian

    From: Lou Ambrose <bounce-louambrose6123@tessituranetwork.com>
    Sent: 2/8/2017 5:41:06 PM

    We are a RAMP client and are looking at our PCI scope. We thought that installing encrypted card readers and keypads would reduce our scope. I have just been in contact with support and found out that encrypted devices never store the credit card number in the Tessitura databese. It goes directly to Vantiv. This is great for PCI, but means that there is no credit card in Tessitura to use for monthly membership billing. A credit card has to be in the Tessitura database before it can be tokenized, so tokenization does not solve this problem either. Our IT guy wants to know what other organizations are doing about this. Any help? Thanks.




    This message was sent automatically to you by www.tessituranetwork.com because you subscribed to the Tessitura Technical Forum. You may reply to this message to post to the Technical forum or visit the site to search, read and post to the forums. In the interest of keeping the forum posts from becoming cluttered, we encourage you to delete previous message text from your reply before sending. Thank you!

Children