PCI Compliance

A merchant's PCI compliance is obtained by setting up the network and office policies in the appropriate manner and following a few simple rules (green in the diagram). This is required regardless of the software used to process credit cards and can generally be done at reasonable cost.

The software or hardware provided by any vendor is only a portion of the merchant's ability to meet PCI compliance. Software provided by vendors must meet the PABP 1.4 standard prior to Sept 2010 and the PA DSS 1.2 standard after that date (red) to help the merchant meet overall PCI compliance.

Meeting compliance requires some due diligence and is determined by the PCI compliance level your organization needs to attain. Unless you are using old-fashioned dial-up credit card authorization terminals, the minimum level for Face-to-Face merchants is Schedule C.

The life cycle of a standard provided by the PCI Security Standards Council is approximately 2 years.

The following table gives a brief historical summary of Theatre Manager PCI compliance:

| Version | Standard | Status | Action |
|---|---|---|---|
| 6 | **Self Assessed | Implements most of PCI security features including medium card encryption and should not be considered PCI compliant. | Upgrade to version 9 ASAP |
| 7 | **Self Assessed | Implements almost all standards required of PABP 1.4, including high encryption of cards and does not store any track II or CVV2 information. However, this version is neither audited nor certified. | |
| 8 | PABP 1.4 | Meets the PABP 1.4 standard and was certified in Oct 2008. Please refer to our certificate and approval by Visa - page 6. | |
| 9 | PCI PA/DSS 1.2 | Meets the PCI PA/DSS 1.2 standard and approved by the PCI council in Dec 2010. | Upgrade by Jan, 2011 |

** Please note: PCI requirements have changed over the years. At one time, the PCI security council required that vendors of software 'self assess' that they have followed the guidelines. At Arts Management, we have always taken card security and privacy of information seriously and implemented many PCI features before there were published rules. That is why we felt able to meet the self assessment criteria in force at the time. However, there is a much greater need for security than ever before, and we encourage merchants to fulfill their obligations under their merchant agreements and upgrade to the 'certified' versions of Theatre Manager, which have been audited by external companies as meeting all the rules in effect at the time of the audit.