You are here

Merchant Profiles

Subscribe to Syndicate

Merchant Profiles are for organizations who are concerned with PCI compliance and wish (or are required to) maintain a PCI Schedule-C compliance within Theatre Manager.

Using Merchant Profiles reduces the exposure risk by maintaining full credit card information directly on the merchant provider's secure PCI-certified servers without having the requirement to store and maintain credit card numbers within Theatre Manager's database. Using Merchant Profiles in a PCI Schedule-C setup, allow full access to Theatre Manager's features such as Post-Dated Payments, Recurring Donations, and the Auto-Renew Season Subscriptions which would typically require a credit card number to be kept on file for each subsequent payment.

Parts of the Profiles Tab

Enable Profiles Indicates if this merchant provider account has been enabled to store credit card payment profiles on the merchant account's server.

Merchant Profiles must first be activated by your merchant provider for your merchant account before it can be used within Theatre Manager. Contact your merchant provider customer support representative to enable the option prior to enabling it in Theatre Manager.

Profiles API Login Key
The secure API Key used to access credit card profiles on the merchant provider's server.

This field is not required for all merchant providers It will only be enabled if its required.

Refer to Direct Credit Card Processing Options for merchant provider specific setup information on the Profiles API Login Key requirements.

Profiles API URL The IP Address to use to access the Credit Card Profiles on the merchant provider's server.

This field is not required for all merchant providers It will only be enabled if its required.

Refer to Direct Credit Card Processing Options for merchant provider specific setup information on the Profiles API URL requirements.

If necessary, you can manage the Customer Credit Card profiles for this merchant. This will not alter the 'credit card' information that has been saved in Theatre Manager It is used to maintain the 'credit card profile' for each of your customers that has been saved to your merchant's PCI-certified secure servers from Theatre Manager. This can be used to cross reference and match the information between the two systems.
As part of a conversoin or initialization process, you can Create Customer Credit Card Profiles for this merchant from existing credit card information saved in Theatre Manager. It is used to create the initial 'customer credit card profile' and save it to your merchant's PCI-certified secure servers.


How Does This Work?

Merchant Profiles allows you to store credit card numbers directly with your merchant provider, on their servers, and then access those saved credit card numbers at any time for subsequent processing without the cardholder being present.

  • During the first interaction using the customer's credit card, the credit card number and limited customer information is transmitted and saved on your merchant provider's server.
  • A unique token/key is returned from your merchant provider and stored encrypted within Theatre Manager in replacement of the customer's full credit card number profile.
  • Future interactions with the customer such as Post-Dated Payments, Recurring Donations, and the Auto-Renew Season Subscriptions, would then transmit the saved token/key rather than the full credit card number during the authorization process.
  • Your merchant provider would then cross-reference this token/key to the actual credit card number during the authorization process within their own systems. At no time is the full credit card number displayed or directly visible during the authorization process.

A merchant provider may charge service fees or fixed costs for using this service to offset associated costs with maintaining customer and credit card information on their servers. Contact your merchant provider customer support representative to determine if there will be any additional fees to your organization.



What are the Benefits and Why Should I Use Profiles?

  • Merchant Profiles are for organizations who are concerned with PCI compliance and wish (or are required to) maintain a PCI Schedule-C compliance within Theatre Manager.
  • Mitigate the cost and risk of storing customer account data by keeping cardholder profiles in a secure, external database maintained by your merchant provider. This can help you reduce the risk of keeping cardholder data in-house and support your Payment Card Industry (PCI) compliance initiatives by protecting data at-rest.
  • Saves time by eliminating the need to rekey a card account number and expiration date for each transaction.
  • Allows your organization to make the changeover from Schedule-D to Schedule-C PCI Settings while retaining virturally all Theatre Manager's benefits as if still functioning in a Schedule-D environment.
  • For clients currently operating in a Schedule-C environment, enabling merchant profiles would allow future interactions with our customers for Post-Dated Payments, Recurring Donations, and Auto-Renew Season Subscriptions.
  • For clients who wish to remain in a Schedule-D environment, previously used credit card numbers are masked to the box office staff members during the payment process. Providing further protection from anyone accessing a patron's full digit card number.

    A masked card means that it will be displayed in the payment window as '#### **** **** ####'. This renders the PAN useless for all purposes. However, given the first 4 and last 4 digits of any card, you can still validate you're using the correct merchant profile for authorizing the card.

  • For clients who wish to remain in a Schedule-D environment, the function of storing previously used encrypted credit card information will remain the same - even with merchant profiles enabled. Using merchant profiles would add another layer of security protection to the full digit card number from being displayed or accessed.


What Will I See Differently in Theatre Manager?

If your PCI Settings are set to Schedule C to shred cards immediately after use:

  • You will not notice much difference at all from what you see now. What the box office will benefit from is the ability to create and maintain future interactions with the customer such as Post-Dated Payments, Recurring Donations, and the Auto-Renew Season Subscriptions, would then transmit the saved token/key rather than the full credit card number during the authorization process.
  • If your settings are to default the last used credit card for a patron, you will now see a masked the credit card number default for patrons who have previously purchased. The masked number is ok to accept as is for payments without changing it. The payment will use the merchant profile that was created for that credit card number.

If your PCI Settings are set to Schedule D to retain encrypted credit card data in Theatre Manager:

  • The main change you will realize is that Theatre Manager will protect any known credit cards for patrons by only displaying merchant profile for a patron. Initially, it will appear as if all credit cards are missing from Theatre Manager, however, they still exist. They are in the background if access to them is required. After using the function to build merchant profiles for known credit cards, the transition to using merchant profiles will more seamless.
  • If your settings are to default the last used credit card for a patron, rather then displaying the full set of credit card digits, it will mask the credit card number for patrons who have previously purchased. The masked number is ok to accept as is for payments without changing it. The payment will use the merchant profile that was created for that credit card number.
  • During the payment process, if you're searching for known credit cards for a patron, it will only display credit cards that have a merchant profile created for it. Although Theatre Manager may have the credit card on file, if there is no merchant profile created for it, it will not display. If this is a concern, use the function to build merchant profiles for known credit cards, the transition to using merchant profiles will more seamless.


Steps to Start Using Merchant Profiles

  1. Contact your merchant provider representative and have them enable the module "Customer Payment Profiles" (*read the stop sign below*) on your merchant account.

    Each merchant provider has its own unique name for the setup and maintaining of "Customer Payment Profiles." When talking with your merchant provider, use the following name to describe the feature you'll be activating:

    • Authorize.Net - use the feature name Customer Profiles
    • Bambora - use the feature name Payment Profiles (Theatre Manager's interface with Bambora to maintain Merchant Profiles is currently under development).
    • Elavon - use the feature name Card Manager Transactions
    • Moneris - use the feature name Hosted Vault
    • Paymentech Oribital - use the feature name Customer Profile Management

  2. After contacting your merchant provider representative and they have confirmed "Customer Payment Profiles" has been enabled on your merchant account:
    • set Enable Profiles to "active" to activate the feature within Theatre Manager.
    • For Authorize.Net - set the Profiles API URL.
    • For Bambora - set the Profiles API Logon Key anbd the Profiles API URL.
  3. Save the change to the merchant information.
  4. Log out of Theatre Manager.
  5. Log into Theatre Manager to start processing credit cards as normal. Customer Payment Profiles will start to be created automatically for each credit card processed.


Steps to Verify if Merchant Profiles are Being Created

  1. Follow the steps for Accessing the Merchant Profiles Customer List to view a patron's payment profile.
  2. If a profile exists, Theatre Manager and your merchant provider are functioning correctly.
  3. If there are no profiles, contact Arts Management Support to review your Merchant Profile Setup.


Can I Stop Using Merchant Profiles?

Yes, at any time. All pre-existing merchant profiles will remain within Theatre Manager's database for future use if merchant profiles is re-enabled for this merchant account.

If your PCI Settings are set to Schedule D to retain encrypted credit card data in Theatre Manager, and if you process any new credit cards while the Enable Profiles is inactive, a merchant profile will not be created. If you choose to Enable Profiles later on, it is suggested using the function to build merchant profiles for known credit cards, to make the transition back to using merchant profiles more seamless.

If your PCI Settings are set to Schedule C to shred cards immediately after use, and if you process any new credit cards while the Enable Profiles is inactive, a merchant profile will not be created. If you choose to Enable Profiles later on, you will require the full credit card number again before processing another new payment for that patron's credit card.

  1. Set the Enable Profiles flag to "inactive" to stop the feature within Theatre Manager. This will only inactivate it within Theatre Manager.
  2. Save the change to the merchant information.
  3. Log out of Theatre Manager.
  4. Log into Theatre Manager to start processing credit cards as normal. Customer Payment Profiles will no longer be displayed or created automatically for each credit card processed.


If I change Merchant Providers, will the Existing Merchant Profiles continue to work with the New Provider?

No. The Customer Payment Profile's created by the merchant provider are uniquely linked to that merchant provider and your merchant account number. Customer Payment Profiles cannot be shared between different providers or accounts.