At a minimum, visit the 'Functions' tab and make sure that every privilege that says 'Credit Card' in the second column is unchecked to start with. Then enable those that you wish the user to have. Any new normal user defaults to a 'deny-all' setting, per PCI DSS 7.2.
All existing users can easily be reset to 'deny-all' with one button click (see below).
Click on the 'Data' and 'Functions' tabs and make any changes to the employee's access that you wish. To reset this employee to the standard 'deny-all' access to credit cards, click the lock on the toolbar. Two privileges that you may consider overriding relatively safely are:
- 'Allow empty CID even if required for credit card payments'. If this is unchecked, the user must ask the customer for the CID/CVV2 number on the back of the credit card if it is required for the credit card type or by the processor. If your service provider does not accept or check CVV2 data, you may need to check this. You may also want to check this for at least one of the box office supervisory personnel, who can then provide an operator override to any other user if need be.
- 'Able to Search for Patron using a card number'. This should be checked for a finance position or a box office supervisor so that a patron can be found when all we are given is the credit card number, such as in the case of chargebacks. When searching for a patron by credit card, only the first 4 and last 4 digits of the card are required for a search.
You can reset all employees with non-administrative access at one time by selecting them all in the list of employees and clicking the 'PCI' button.