There was recently a case at another theatre of an employee issuing fraudulent ticket returns and refunds, and we are looking into ways to both: detect if something like this occurs and how to prevent it from happening in the first place. From what we understand, someone was able to refund ticket purchases to a different credit card than was used to purchase the tickets. The refunded card does not have to belong to the constituent - this person used that to refund to their own credit card.
Our first thought was that perhaps there is a way to only allow refunds to the credit cards that purchased the order. There are situations where we would need to change that though, such as with a cancelled card.
The other problem is how to track things like this if they happen. Currently we keep an eye on returned amounts when posting batches, but there is probably a better way of doing that. I’m thinking of writing a report that gives all refunds issued over a period, and which Tessitura user issued them. We might be able to detect concerning patterns that way. My worry is that if someone were to do this in small amounts over a long period of time we might not notice for a while. We also just did a little test and it seems that the mechanics of refunding to another credit card are pretty simple - anyone who has a little experience with Tessitura could probably do it.
Has anyone else heard of something like this happening? Any solutions that people have come up with or would suggest?