PCI Questions

Sean Pinto $organization over 15 years ago

Hello everyone,

We may be a little behind the curve on this one but our team is really trying to nail down our organization with respect to the PCI specification. With respect to Requirement 3 (cardholder data) I was wondering how everyone else is handling this. More specifically:

-How long are you holding onto the full credit card #s?

-Who has access?

-What is your purge process and how often?

-Does anyone do a purge of the credit card number but keep the last 4 for later reference or something similar?

I also wonder if anyone might have already developed a tool/script for removing or putting in dummy CC# in their Test system as part of their copy-down proceedure.

Any and all tips and comments are welcome.

Thanks to everyone in advance!

Sean Pinto

Center Theatre Group

213.972.7292

spinto@ctgla.org

Parents

Marty Jones $organization over 15 years ago

We purge CC# after 12 months of non use,

Only Tessitura Administrators have access to the full number and this is only because we can't turn this off in security for Administrators.

We use Tessitura's Purge process in reports and utilities/Data Management/Purge Credit Card Account Data

We do not keep the last 4 after purge, We really just don't need them after 12 months.

I am sure that during the Live to Test copy, you could run the "Purge Credit Card..." procedure to remove the Credit card numbers.

Hope this helps.

Marty Jones

Database Administrator

Omaha Performing Arts
1200 Douglas Street

Omaha, Nebraska 68102

P 402.661.8469 | F 402.345.0222

Marty.Jones@omahaperformingarts.org

www.omahaperformingarts.org

For tickets, call Ticket Omaha at 402.345.0606

From: Tessitura Technical Forum [mailto:forums-technical@tessituranetwork.com] On Behalf Of Sean Pinto
Sent: Wednesday, September 01, 2010 12:11 PM
To: Martin A. Jones
Subject: [Tessitura Technical Forum] PCI Questions

Hello everyone,

We may be a little behind the curve on this one but our team is really trying to nail down our organization with respect to the PCI specification. With respect to Requirement 3 (cardholder data) I was wondering how everyone else is handling this. More specifically:

-How long are you holding onto the full credit card #s?

-Who has access?

-What is your purge process and how often?

-Does anyone do a purge of the credit card number but keep the last 4 for later reference or something similar?

I also wonder if anyone might have already developed a tool/script for removing or putting in dummy CC# in their Test system as part of their copy-down proceedure.

Any and all tips and comments are welcome.

Thanks to everyone in advance!

Sean Pinto

Center Theatre Group

213.972.7292

spinto@ctgla.org

This message was sent automatically to you by www.tessituranetwork.com because you subscribed to the Tessitura Technical Forum. You may reply to this message to post to the Technical forum or visit the site to search, read and post to the forums. In the interest of keeping the forum posts from becoming cluttered, we encourage you to delete previous message text from your reply before sending. Thank you!
Cancel
Vote Up 0 Vote Down

Sign in to reply

Cancel

Reply

Marty Jones $organization over 15 years ago

We purge CC# after 12 months of non use,

Only Tessitura Administrators have access to the full number and this is only because we can't turn this off in security for Administrators.

We use Tessitura's Purge process in reports and utilities/Data Management/Purge Credit Card Account Data

We do not keep the last 4 after purge, We really just don't need them after 12 months.

I am sure that during the Live to Test copy, you could run the "Purge Credit Card..." procedure to remove the Credit card numbers.

Hope this helps.

Marty Jones

Database Administrator

Omaha Performing Arts
1200 Douglas Street

Omaha, Nebraska 68102

P 402.661.8469 | F 402.345.0222

Marty.Jones@omahaperformingarts.org

www.omahaperformingarts.org

For tickets, call Ticket Omaha at 402.345.0606

From: Tessitura Technical Forum [mailto:forums-technical@tessituranetwork.com] On Behalf Of Sean Pinto
Sent: Wednesday, September 01, 2010 12:11 PM
To: Martin A. Jones
Subject: [Tessitura Technical Forum] PCI Questions

Hello everyone,

We may be a little behind the curve on this one but our team is really trying to nail down our organization with respect to the PCI specification. With respect to Requirement 3 (cardholder data) I was wondering how everyone else is handling this. More specifically:

-How long are you holding onto the full credit card #s?

-Who has access?

-What is your purge process and how often?

-Does anyone do a purge of the credit card number but keep the last 4 for later reference or something similar?

I also wonder if anyone might have already developed a tool/script for removing or putting in dummy CC# in their Test system as part of their copy-down proceedure.

Any and all tips and comments are welcome.

Thanks to everyone in advance!

Sean Pinto

Center Theatre Group

213.972.7292

spinto@ctgla.org

This message was sent automatically to you by www.tessituranetwork.com because you subscribed to the Tessitura Technical Forum. You may reply to this message to post to the Technical forum or visit the site to search, read and post to the forums. In the interest of keeping the forum posts from becoming cluttered, we encourage you to delete previous message text from your reply before sending. Thank you!
Cancel
Vote Up 0 Vote Down

Sign in to reply

Cancel

Children

No Data