Changing the Cryptography for Credit Cards

Credit cards stored in a database must be encrypted using a key that is distinct to the venue per PCI DSS standard 3.6. This must occur: Immediately after the initial implementation and data conversion has taken place on a minimum of an annual basis. If the procedure is not invoked manually, it will be done automatically during any upgrade. if there is any suspected security breach at the organization

To change the cryptography of credit card information at any time:

• Log in as Master User
• Go to the System Preferences->Security Tab
• Click 'Change Card Encryption key' button at the bottom left

You will see a dialog similar to the one below that asks you to confirm the step and the reasons why the step is required. Click 'Yes' to continue.

Some notes about this process:

• Theatre Manager will generate a completely random a 40 character key to use as half of the encryption key process that will be unique to the venue and re-encrypt all cards in the database.
• This encryption key will not be known to the user and will not be known to Arts Management
• You can still use theatre manager while this process occurs to sell tickets and take credit cards.
• This process should be performed at least annually.
  • A venue will be reminded to do it after 350 days
  • If it is not done, within the required time frame, then it will automatically occur during any upgrade that occurs 350 days since the last time the venue's encryption key was changed
• It should be performed at any time you suspect a security breach to any part of your network (make sure you also address whatever the security breach might have been).