In Theatre Manager, 'shredding' credit cards means removing the middle 8 digits of a credit card number so that what is stored in the database is only the first four and last four digits of the number: 1234-xxxx-xxxx-1234. Cards stored in this manner cannot be accessed for use (because those 8 digits aren't masked - they really no longer exist). Users can still search the database for a credit card using the first four and last four digits for reporting and transaction history.
There are two choices for 'Shredding' Credit Cards. The first method, Shredding Unused Credit Cards, allows a venue to set the number of days a credit card is stored in the usual encrypted format in the database (and is therefore available for use as a payment method for post-dated payments or in the patron's credit card tab), and then after that period, a card is considered "unused" and is shredded of its middle 8 digits.
The second method, setting the database to Schedule C: Shred Immediately, will shred cards and never store them in the database. This is rarely used, as it may prevent some common or desirable business functions (and maintaining Schedule D: Encrypted Credit Card data, the default PABP/PCI Compliant method will not prevent those functions).
this action cannot be undone! |
The simplest solution for venues to have a higher degree of security in their database, than that allowed by the PABP/PCI compliant data encryption of the credit card numbers, is to "shred" unused or old credit cards in patron records.
"Shredding" removes the middle 8 digits of the number and renders the card information unusable (as it is stored - you can still swipe or enter the card again in the future with no problem).To do "shred" a credit card, you perform the following steps:
A dialogue opens, asking for a retention period during which cards are considered active (and therefore, not "unused"). We recommend at least 90 days, 365 as the longest.
All the credit card data in theatre Manager is stored using AES256 encryption with rotating keys. An independant company has auditied the safety of the information and practices in theatre Manager to ensure it meets PCI PA/DSS 2.0 storage requirements. Visa has approved Theatre Manager as an application that can accept credit card payments using best practices. |
A venue may choose to shred cards immediately after use for added security. This means that full card data is never stored in the database. Voids can only be done using the merchant providers internal token if you have not yet done end of day. After end of day is completed, refunds require you to input the card number again.
Shredding Credit Cards stores only the first and last 4 digits of a credit card number for informational purposes. For example:
When you shred yoiur credit card date the following business capabilities and functions are impacted:
The above are only a few functions that will be impacted.
If your venue wants to shred credit cards after use, you perform the following steps:
The System Preferences window opens.
The first Warning dialog opens.
The second Warning dialog opens.
The third Warning dialog opens.
The fourth Warning dialog opens.
The Confirmation the data has been shredded data dialog opens.