
PCI Compliance

A Merchant's PCI compliance is obtained by setting up the network and office policies in the appropriate manner and following a few simple rules (green in the diagram). This is required regardless of the software used to process credit cards and can generally be done at reasonable cost.

The software or hardware provided by any vendor is only a portion of the merchant's ability to meet PCI compliance. Software provided by vendors must meet the prevailing PCI PA-DSS standard to help the merchant meet overall PCI compliance.

Meeting compliance requires some due diligence and is determined by the PCI compliance level guideline your organization needs to attain.

Depending on how your venue processes transactions, your venue can be Schedule 'A', 'B', 'C', or 'D'.

The life cycle of a standard provided by the PCI Security Standards Council is approximately 2 to 3 years. Once approved at a standard, the approval is valid even though future standards are being worked on.

The following table gives a brief historical summary of Theatre Manager PCI compliance:

| Version | Standard | Status | Action |
|---|---|---|---|
| 10.06 | PCI PA/DSS 3.1 | Theatre Manager version 10.06.zz has been reviewed for its PCI PA/DSS 3.1 audit as part of the 3 year cycle. The audit took place in Oct 2015; the final document was approved by the PCI council with an expiry date of Oct 28, 2019 for new installations. The image to the left is from the PCI council's web site of validated applications. Search for Arts Management. | Upgrade Oct 2015 |
| 10.02 | PCI PA/DSS 2.0 | Theatre Manager version 10.02 has been reviewed for its PCI PA/DSS 2.0 audit as part of the annual change cycle. The audit took place in Oct 2014; the final document was approved by the PCI council. All vendors are required to tell you this. | Upgrade Oct 2014. |
| 10.00 | PCI PA/DSS 2.0 | Theatre Manager version 10 has been reviewed for its PCI PA/DSS 2.0 audit as part of the 3 year cycle. The audit took place in July 2013; the final document was approved by the PCI council in October 2013. The image to the left is from the PCI council's web site of validated applications. Search for Arts Management. All vendors are required to tell you this. | Upgrade Oct 2013. |
| 9 | PCI PA/DSS 1.2 | Meets the PCI PA/DSS 1.2 standard and approved by the PCI council in Dec 2010. | Upgrade to version 9 ASAP |
| 8 | PABP 1.4 | Meets the PABP 1.4 standard and was certified in Oct 2008. Please refer to our certificate and approval by Visa - page 6. | |
| 7 | **Self Assessed in 2006 | Implements the standards required of PABP 1.4 (as of 2006), including 3DES high encryption of cards, and does not store any track II or CVV2 information. However, this version is neither audited nor certified by an external vendor (not a requirement from the PCI council at the time). Version 7 has the same security measures as version 8 and was simply renamed version 8 as part of the audit. | |
| 6 | **Self Assessed in 2003 | Implements almost all PCI security features in effect at the time (early 2000s). Card encryption is DES and it does not track CVV2 information. However, version 6 should not be considered PCI compliant. | |

** Please note: PCI requirements have changed over the years. At one time, the PCI security council required that vendors of software 'self assess' that they have followed the guidelines. At Arts Management, we have always taken card security and privacy of information seriously and implemented many PCI features before there were published rules. That is why we felt able to meet the self assessment criteria in force at the time. However, there is a much greater need for security than ever before, and we encourage merchants to fulfill their obligations under their merchant agreements and upgrade to the 'certified' versions of Theatre Manager, which have been audited by external companies as meeting all the rules in effect at the time of the audit.