This article covers how to grant full credit card information access to specific Users and how to remove it.
In order to ensure Payment Card Industry (PCI) compliance, Users with this level of access must meet the "Bulk Access" requirements of the PCI, which include a background and credit check. If a User does not need to have access to the full credit card number, then you should turn these options off.
PCI compliance standards require Users who have permission to view full credit card numbers to have a session timeout of 15 minutes and to reset their password every 90 days. If a User is able to view full credit card information, the system will override the account-level session timeout and password reset settings for that User wherever those settings are less restrictive.
As a best practice, unless access to full credit card numbers is absolutely required, the Account Administrator should reach out to Support to turn off the Financial and/or Accommodation modules at the account level, which will remove this option for all Users in that Account.
Adding/Removing Full CC Access for a User
- Navigate to Account Settings > Administration > User Information.
- Search for and click on the User you want to edit.
- Scroll down to Credit Card Access Permissions.
- Check/uncheck the box next to "Financial Module: Full CC Number Access" and/or "Accommodation Module: Full CC Number Access".
- Click Save.