You are here

Misc PCI Requirements

Subscribe to Syndicate
The following section documents some of the final miscellaneous additional PCI compliance requirements that merchants will need to know or be aware of. These are presented here as 'things to do or know about' because they are not relevant in other parts of the installation guide.

Please use these as ticklers to yourself.

If card data is to be transmitted over a public network (i.e. outside your firewall), it must be sent using secure encryption technology like IPSEC, VPN or via TLS per PCI DSS 4.1.
Do not send any credit card data 'in the clear' such as pasting a card number into an email, or into an IM per PCI DSS 4.2 unless you are using secure encryption with these messaging technologies. Do not encourage customers to send card numbers, CVV2 numbers, name, expiry dates, or any other such data to you via the same technologies.

Theatre Manager does not provide this feature due to PCI compliance and only presents the final 4 characters to users for this reason.

If you are upgrading from a prior system that might have had unencrypted credit card information, you must throw that data into the trash and secure erase it with a tool like ERASER (free) on the PC or use File Menu -> Secure Erase on Mac.