Shredding Credit Cards

Theatre Manager can implement either Schedule "C" or Schedule "D" for the SAQ; the choice is yours. On the PCI Security screen in System Preferences, you can define a retention period for credit card information, after which it is 'shredded' per PCI DSS standard 3.1.

A card stored in the database is contained in only one table/field, fCreditCards.CD_CARD_NO. There are no other permanent or temporary locations where it is stored. The card number can be removed using the shred feature (PCI DSS standard 3.1).

Notes:

  • A shredded card is stored in the database as '#### **** **** ####'. This renders the PAN useless for all purposes. However, if given the first 4 and last 4 digits of any card, you can still search for and find the patron who used a card starting and ending with those digits (the card, of course, will not exist in the database).
  • Schedule "D" compliance with about 120 days of retention is sufficient for most venues, especially if you are using post-dated payments or may have to deal with refunds for cancelled events.
  • Schedule "C" compliance means that no card information will ever be stored in the database. If an event is cancelled, the customer service team will need to call the patron to get the card to process a refund, or convert the refund into store credit such as a gift certificate.
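The following audit is an added example, not Theatre Manager code. It checks an export of fCreditCards.CD_CARD_NO for values that still hold a full PAN and shows why a first-4/last-4 search still works after shredding. It assumes the export is a list of (record id, value) pairs, that each `#` in the shredded form stands for a retained digit and that the asterisks are literal; the card numbers are constructed test values.

```python
import re

# Assumed literal layout of a shredded value: 4 digits, two masked groups, 4 digits.
SHREDDED = re.compile(r"^\d{4} \*{4} \*{4} \d{4}$")

def luhn_ok(digits: str) -> bool:
    """Luhn checksum, used to separate real PANs from arbitrary digit strings."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0

def classify(value: str) -> str:
    """Return 'shredded', 'full_pan' or 'other' for one CD_CARD_NO value."""
    v = value.strip()
    if SHREDDED.match(v):
        return "shredded"
    digits = re.sub(r"[ -]", "", v)
    if digits.isdigit() and 13 <= len(digits) <= 19 and luhn_ok(digits):
        return "full_pan"
    return "other"

def audit(rows):
    """Record ids whose value is still an unshredded PAN."""
    return [rid for rid, value in rows if classify(value) == "full_pan"]

def find_by_first_last(rows, first4: str, last4: str):
    """Search by first and last four digits; matches shredded and full values alike."""
    hits = []
    for rid, value in rows:
        compact = re.sub(r"[ -]", "", value.strip())
        if len(compact) >= 8 and compact.startswith(first4) and compact.endswith(last4):
            hits.append(rid)
    return hits

# Constructed sample export (hypothetical ids, public test card numbers).
SAMPLE_ROWS = [
    (1, "4111 **** **** 1111"),   # already shredded
    (2, "4111111111111111"),      # full PAN still present
    (3, "5500 **** **** 0004"),   # already shredded
    (4, ""),                      # no card on file
]

if __name__ == "__main__":
    print("unshredded records:", audit(SAMPLE_ROWS))
    print("first/last match:", find_by_first_last(SAMPLE_ROWS, "4111", "1111"))
```

Under Schedule "C" the audit should return nothing at all; under Schedule "D" any record it returns should be younger than the configured retention period.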