Credit Card Processing

Code that deals with credit card data is primarily focused in credit card authorization, payment, season subscription areas, but is not limited to them.

Developers should be aware if they are modifying anything that can impact or change what we do with sensitive customer data, a senior developer must review it. Keep the PA-DSS guidelines in mind when developing in these areas is key, and you can review the Theatre Manager install documentation under PCI compliance.

	A change that may affect credit card processing needs to be reviewed carefully and is subject to the rules of Versioning Methodology
	When testing credit card functions, never use real card data, whether from customer or personal. We have test accounts and test credit card numbers that can be used to verify functions or issues reported by the user in the credit card area.

The following classes in the VCS are under the protection of the Senior Architect any potential changes to these classes need to be run by them first. These are the key base classes that affect credit card sales, refunds, exchanges, or storage of the credit card data.

• Any class with a name that starts with oCCAuthorize
• Any changes to the tfCreditCard table class that stores and encrypts data in the database.
• Any file, schema and table classes for ‘Merchant Setup’ such as fMerchant, sfMerchant, and tfMerchant
• Any changes to the wMerchant window