Shredding Credit Cards

In Theatre Manager, 'shredding' credit cards means removing the middle 8 digits of a credit card number so that what is stored in the database is only the first four and last four digits of the number: 1234-xxxx-xxxx-1234. Cards stored in this manner cannot be accessed for use (because those 8 digits aren't masked - they really no longer exist). Users can still search the database for a credit card using the first four and last four digits for reporting and transaction history.


There are two choices for 'Shredding' Credit Cards. The first method, Shredding Unused Credit Cards, allows a venue to set the number of days a credit card is stored in the usual encrypted format in the database (and is therefore available for use as a payment method for post-dated payments or in the patron's credit card tab), and then after that period, a card is considered "unused" and is shredded of its middle 8 digits.


The second method, setting the database to Schedule C: Shred Immediately, will shred cards and never store them in the database. This is rarely used, as it may prevent some common or desirable business functions (and maintaining Schedule D: Encrypted Credit Card data, the default PABP/PCI Compliant method will not prevent those functions).

Shredding Unused Credit Cards

this action cannot be undone!

The simplest solution for venues to have a higher degree of security in their database, than that allowed by the PABP/PCI compliant data encryption of the credit card numbers, is to "shred" unused or old credit cards in patron records.

"Shredding" removes the middle 8 digits of the number and renders the card information unusable (as it is stored - you can still swipe or enter the card again in the future with no problem).

To do "shred" a credit card, you perform the following steps:

  1. Open the PCI Security Tab in Setup > System Preferences.
  2. Under Credit Card Management, click the Shred Unused Credit Cards button.

    A dialogue opens, asking for a retention period during which cards are considered active (and therefore, not "unused"). We recommend at least 90 days, 365 as the longest.

  3. Click Shred Cards to immediately shred cards that have not been used in a number of days greater than that set as the retention period.

Schedule C Shred When Used

All the credit card data in theatre Manager is stored using AES256 encryption with rotating keys. An independant company has auditied the safety of the information and practices in theatre Manager to ensure it meets PCI PA/DSS 2.0 storage requirements. Visa has approved Theatre Manager as an application that can accept credit card payments using best practices.

A venue may choose to shred cards immediately after use for added security. This means that full card data is never stored in the database. Voids can only be done using the merchant providers internal token if you have not yet done end of day. After end of day is completed, refunds require you to input the card number again.

Shredding Credit Cards stores only the first and last 4 digits of a credit card number for informational purposes. For example:

When you shred yoiur credit card date the following business capabilities and functions are impacted:

  • You cannot process post dated payments
  • You will not be able to refund using the original payment/credit card number. You will have to ask the patron to give you the number again.
  • You may not be able to refund an entire event using the card used for purchase
  • You will be unable to process automatic season renewal.
  • All existing payment / credit card information within the system is now unavailable.
  • The above are only a few functions that will be impacted.

If your venue wants to shred credit cards after use, you perform the following steps:

  1. Make a complete backup of your Theatre Manager Database just in case you want to change your mind later. Click here for more information on Backing up.
  2. Chose main menu item Setup >> System Preferences.

    The System Preferences window opens.

  3. Click the PCI Security tab.

  4. In the Credit Card Management section, change the radio button to Schedule C: Shred cards immediately after use.

    The first Warning dialog opens.

  5. Click the Yes button.

    The second Warning dialog opens.

  6. Click the Yes button.

    The third Warning dialog opens.

  7. Click the Yes button.

    The fourth Warning dialog opens.

  8. Click the Yes button.

    The Confirmation the data has been shredded data dialog opens.

  9. Click the Yes button.