Main menu
You are here
CVV2 requirement and possible effect on post dated payments
 |
Since the vast majority of credit card transactions are real time with a CVV2, most venues will see limited effect for 99% of credit card authorizations:
It will affect:
|
Setting your ONLINE MERCHANT SETUP to NOT require CVV2
Since Theatre Manager does not store CVV2 data (per PCI compliance), it cannot send CVV2 for post dated payments. You have two ways to address this:
- Turn OFF CVV2 requirements for your merchant account AT THE BANK
- Log in to your ONLINE merchant profile and
- Turn off CVV2 requirements at your merchant
- Leave CVV2 as a requirement in TM's merchant setup
- Authorize the post dated payment in end of day.
- This means TM will send one if it has one (for first time authorizations), and the bank will accept a charge if it does not (post dated payments)
- Use Theatre Manager's feature that supports Merchant Profiles
- This is a feature where you initially send all the credit card data to the bank
- The bank returns a token to Theatre Manager, which is stored in the database
- From that point on, Theatre Manager will use the token for pst dated payments, eliminating the need to store the credit card
- This works because the token uniquely identifies the merchnat (you), the patron, and a specific card
Setting Theatre Manager to Require CVV2
Theatre Manager has sent CVV2 numbers for many years. Please confirm the following three settings for your venue:
- 'Send CVV2'/CID number is checked in the merchant profile >Authorization Tab.
- Require Credit Card CID/CCV2 is checked for all credit cards payment methods
- Each employee's security setting in the Employee Access->Function tab is unchecked so that CVV2 is no longer optional for that employee. Since this can't be set for master users, a future update to TM will be forthcoming.
Effect of CVV2 on Emergency Mode
Theatre Manager's Emergency Mode was designed for situations where the credit card company's processing was down or not available. This requirement for CVV2 (plus the inability to store it) means that the Credit Card companies are now requiring Real Time Authorizations. It means they prevent you from running your venue in the event that the merchant provider is down.
Effect of CVV2 on Post Dated Payments
According to an email from Bambora, this appears to directly affect recurring payments. Theatre Manager does not store CVV2 data (per PCI requirement 3.3).
This likely means that trying to authorize a Post Dated Payment or creating a recurring donation will see those payments rejected at some time in the future.
How will Theatre Manager respond to Post Dated Payments?
We have felt for a long time that the unstated direction of the bank industry was elimination of card data storage at a merchant. It is fortunate that we anticipated this as have a project underway to migrate patron card information to the bank and use tokenization instead. Effectively, this means:
- When a patron use a card for the first time, TM will direct your merchant processor to store the card data and provide Theatre Manager a unique token for that card
- If you are setting up post dated payments, TM will then refer to the patrons token at the bank for future authorizations - which is consistent with the Bambora statement
How will switching merchant providers affect Tokenized Post Dated Payments?
If the post dated payment token is stored at the merchant processor and is unique to your merchant account, it adds a step when switching from one merchant provider to another. You will need to keep your old merchant account active until all future post dated payments set up for your original merchant provider are completed and authorized.