Theatre Manager provides a few different mechanisms for credit card authorization, along with two modes of operating each option (schedule "C" or Schedule "D" compliance mode). All are PCI PA/DSS 1.2 verified.

It is the client's responsibility to choose an option from those below and contact a processor or aggregator to set up a merchant account. We encourage clients to first advise the Arts Management Sales Team of their choice, as we have contact information for each option that can be used to seamlessly and quickly set up the proper type of account for use with Theatre Manager.

Definitions

There is often confusion between the purpose of a bank, a processor, and an aggregator, and understanding the difference helps make sense of the authorization options available to you.

• Bank: A bank is where the money ends up at the end of the day. If somebody gives you money in any form (cash, check, credit card), you write up deposit slips and take it to the building at the corner on the main street. Banks are bricks-and-mortar companies with charters to write loans, put your money in a safe, etc.
• Processor: A processor is not a bank. Processors are only in the business of authorizing credit cards on behalf of a bank and hold on to the money while it is electronically in transit to your bank. When you do your daily credit card batch settlement, the money in transit is transferred directly to your bank. In North America, there are about 15 major processors such as Paymentech, Nova, 1st Data, Visanet, FMDS, Vital, TSYS, etc. Some banks prefer working with some processors - but generally most processors can get your money to any bank.
• Aggregator: there are numerous (meaning hundreds) of aggregators that will process your card for you. All those aggregators use one of the 15 processing companies. Think of the aggregator as being like an insurance broker... they shop for the best deal with a processor. The processor is the actual company that does the credit card processing for the aggregator.
• Merchant Account: you set up an account with one of the processors or aggregators, who then assigns to you a merchant number. The merchant number accompanies transactions submitted to the processor and identifies (1) who should get the money, ie. you, and (2) which bank account the money gets deposited to.

The reason that processors and banks are separate is historical. Banks started as local or regional entities in the USA. Most were not big enough to handle the infrastructure of authorizing credit cards. When cards became very popular in the 70's, they farmed out the business of authorizing cards to a processor as an economical means of providing cards to their customers without the expense of hosting large computer centres.

Processors provide the infrastructure to authorize cards and then deposit YOUR funds in ANY bank.

Paymentech Orbital™ Authorize.net™ Moneris™ Elavon™

These options for credit card authorization allow the venue to connect directly to one of the major processors in the world - and avoid installing middleware like PCCharge. Theatre Manager talks directly to the processor over a secure https connection who talks to your bank and places money in it at the end of the day. These online processors are able to manage multiple authorizations at once, making for a faster and smoother buying experience both for direct Theatre Manager users and for patrons buying online.

PCCharge™

This option requires that a middleware credit card server called PCCharge be installed on Windows machine behind the DMZ. A venue needs to set up a merchant account with one of the 15 +/- supported processors (Paymentech, Elavon and Moneris are three of them). Installation is done using the standard PCCharge™ installers following the PCCharge™ Secure Implementation Guide.

System Flow

With either type solution, the money always gets to your bank account. You enter or swipe the card information into Theatre Manager and it sends all the correct information to the appropriate service provider. The primary difference is that with the middleware PCCharge™, there are a few more potential points of failure in the communication chain - a TCP error at any point can cause Theatre Manager and the bank to see different things. It's not too critical as the difference is made obvious in the end of day process, and you can then go off and find (and correct) it. But it takes time. The following illustrates the difference in flow of the authorization. In any case, a merchant has to maintain a PCI-compliant office setup.

Advantages and Disadvantages

	Pro	Con
Paymentech, Authorize.net, Moneris, Elavon	supports CVV2 and address verification in USA AND Canada (Paymentech and Elavon) supports mutliple simultaneous credit card authorization which is more suitable for web sales, concert onsales spikes or large volume venues. faster authorizations (generally under 1 second) direct connection to processor (one less software component to manage for PCI compliance needed as there is no local database) Always PCI compliant with no action required by you for Mac only venues, no 'black box' PC is required view card batches online from anywhere can be set up for easier remote authorizations world wide direct authorization capabilities - in 158 countries	small monthly fee Paymentech only operates as 'card not present' (means address verification and CVV2 only) Moneris is only available at this time in Canada Authorize.net is only available at this time in the US
PCCharge	supports CVV2, address verification and sending track II information connect to any number of service providers - North America only	does one authoriztion at a time slower authorizations (approx 3 to 4 seconds) user must access the PCCharge server to view batch history some maintenance required to mange passwords and compress the pccw.mdb file when it reaches a threshold software upgrade every 2 years to meet ongoing PCI PA-DSS compliance when Visa changes PCI requirements