Purpose
This article covers how to add or remove full credit card information access from specific Users.
PCI Compliance and Best Practices
- PCI stands for Payment Card Industry.
- PCI compliance requires background and credit checks for Users with full CC access.
- If a User does not need access to the full credit card number, turn off the Financial Module: Full CC Number Access and the Accommodation Module: Full CC Number Access.
- PCI compliance standards require a session timeout of 15 minutes for Users who view full credit card numbers.
- PCI compliance standards require a password reset every 90 days.
- If a User is able to view full credit card information, the system will override the account settings requirements for session timeout and password reset for that user.
- As a best practice, unless access to the full CC numbers is absolutely required, the Account Administrator should reach out to Support to turn off the Financial and/or Accommodation modules on the account level.
- This action will remove this option for all Users in that Account.
Adding/Removing Full CC Access to a User
1. Navigate to Account Settings > Administration > User Information. 2. Search for and click on the User you want to edit. 3. Scroll down to Credit Card Access Permissions. 4. Check/uncheck the box next to "Financial Module: Full CC Number Access" and/or "Accommodation Module: Full CC Number Access". 5. Click Save.
Related articles
- Scheduling and Publishing Sessions
- Partial Refunds
- Payment Options (Registration Form)
- Account Structure and Sub-Account Management
- Administrators - Enabling E-Commerce for Payment Processing