Does anyone have any tips on how to refund credit cards (we don't store them) when Box office staff is working remotely? We are preparing for Shelter in place mandate to come so the 2 staff members that alternate going into the office to focus on credit card refunds may no longer be able to go in.
Seems like it wouldn't be PCI compliant to have staff taking credit cards in their home to process refunds.
Hi Rosa,
The best place to start is using the Refund Prior Payments functionality. Have you used it before? Once connected to your Tessitura system in a secure manner, discussed on our business continuity page, the Refund Prior Payments feature is the most secure method to process a refund, because it does not handle the credit card number, token, or other sensitive card data.
Depending on your payment provider and time since the original charge was processed, this feature does have some technical limitations, but it's the best place to start.
-Michael Flaherty-Wilcox, Tessitura Network
We use the Refund Prior Payments functionality, but I would be interested how other organizations are solving for debit cards or transactions more than 45 days old. I think having staff take card info from their personal phone is technically PCI compliant, but it feels very... weird.
Thanks! We do use that but the bulk of our tickets were sold to subscribers a year ago so we don't have that info. Does anyone have any ideas of how to handle refunds that extend beyond the 45 day window to use the "refund prior pay method button". It seems like it wouldn't be PCI compliant for a staff member to take a cc number in their home but perhaps I am overthinking it?
The biggest hurdle with PCI compliance is making sure that you have a secure exterior number pad that can connect to the computer at home. That will encrypt the cc number so the full number never enters the computer. We were able to get a couple of those home to our full-time team, and are doing the refunds in that way. We explored taking our work phones home and connecting them there, but it seemed ultimately easier to use cell phones, which my IT department assured me was PCI compliant. We are contacting people ahead of time to let them know to expect our phone numbers. I agree with Casey that it does feel weird to use cell phones, but that is our solution for now!
Luckily most of our orders were within 45 days, or ticketbuyers decided to donate the money back.
Liz
Hello!
We've done the same with credit card terminals at a couple employee homes.
As far as phones go, the system we are on has let us install our phones on our computers so we can make and receive calls that way. For other staff calling patrons back, we have suggested using google voice or a similar program that can mask a phone number. It prevents a bunch of customers from getting personal phone numbers and we're able to have the call appear to come from a local area code.
Staff taking calls and getting credit card numbers, but don't have terminals, are calling staff with terminals to process the refunds at the end of the day and then using shredders at home to destroy the information right away.
It can be time-consuming but it's better than having only one or two people able to talk to customers about their refunds.
Stay strong everyone!
Christina