You are here

Changing the Cryptography for Credit Cards

Subscribe to Syndicate
Credit cards stored in a database must be encrypted using a key that is distinct to the venue per PCI DSS standard 3.6. This must occur:
  • Immediately after the initial implementation and data conversion has taken place
  • on a minimum of an annual basis. If the procedure is not invoked manually, it will be done automatically during any upgrade.
  • if there is any suspected security breach at the organization

To change the cryptography of credit card information at any time:

  • Log in as Master User
  • Go to the System Preferences->Security Tab
  • Click 'Change Card Encryption key' button at the bottom left

You will see a dialog similar to the one below that asks you to confirm the step and the reasons why the step is required. Click 'Yes' to continue.

Some notes about this process:

  • Theatre Manager will generate a completely random a 40 character key to use as half of the encryption key process that will be unique to the venue and re-encrypt all cards in the database.
  • This encryption key will not be known to the user and will not be known to Arts Management
  • You can still use theatre manager while this process occurs to sell tickets and take credit cards.
  • This process should be performed at least annually.
    • A venue will be reminded to do it after 350 days
    • If it is not done, within the required time frame, then it will automatically occur during any upgrade that occurs 350 days since the last time the venue's encryption key was changed
  • It should be performed at any time you suspect a security breach to any part of your network (make sure you also address whatever the security breach might have been).