Security Guide

Did you know? Ticketbooth will soon become Leap Event Ticketing.

 

PCI Compliance and Payment Handling

  • Compliant with PCI-DSS 4 Level 1 as both a Merchant and a Service Provider.
  • Registered with both Visa and MasterCard as a PCI-compliant Service Provider.
  • Annually audited by a Qualified Security Assessor (BDO USA, LLP).
  • Passes internal and external application and network penetration testing performed by SDG.
  • Scanned daily by an Approved Scanning Vendor (ASV), Tenable.io.
  • PCI Attestation of Compliance (AOC) and Quarterly Scan Attestation of Compliance are both available upon request.
  • Credit Card data is never stored.
  • Where possible, we utilise credit card tokenization to minimise the exposure of cardholder data.
  • Leap Ticketing provides organizers with the ability to opt into using EMV with point-to-point encryption (P2PE) for payment processing.

Refer to: PCI Compliance 

Privacy

  • We do not sell personal information of our customers to third parties.
  • We have a full-time staff focused on privacy and security issues.
  • We participate in and comply with the EU-U.S. Privacy Shield Framework. You can find out more about our commitment to the EU-U.S. Privacy Shield Framework in our EU-US Privacy Shield Notice.
  • Ticketbooth processes user personal data in accordance with GDPR’s data protection principles and has appointed a Data Protection Officer to oversee our GDPR compliance.
  • You can find our privacy policy at: https://support.ticketbooth.com.au/privacy/

Hosting Environment

Ticketbooth uses carrier-grade data centres that meet the following certifications:
 
  • PCI-DSS Level 1 Service Provider 
  • SOC 1 Type II and SOC 2 Type II
  • ISO 27001

Software Development

  • All Ticketbooth software engineers receive software security training that covers security best practices, including covering OWASP Top Ten as well as Mobile Security best practices.
  • Ticketbooth uses static code analysis tools to analyse code for security vulnerabilities.
  • All Ticketbooth source code is developed in accordance with a standard SDLC process that includes:
      ◦ A software and security code review before being shipped to production.
      ◦ Running through a continuous integration test suite.
      ◦ Manual QA testing.

Encryption

  • All web traffic is encrypted by TLS 1.2 or greater.
  • Ticketbooth follows NIST recommendations for hashing and for symmetric and asymmetric encryption.

Authentication

  • Ticketbooth offers multi-factor authentication as an option for all Ticketbooth seller accounts.
  • All API endpoints require authentication in order to be accessed, and access is scoped to the existing permission set of the account to which the API keys are bound.

Authorisation

Ticketbooth allows fine-grained permission control for seller account users, in keeping with the principle of least privilege.

Organisation

  • All staff regularly receive security training by trained professionals and must pass security quizzes testing their security awareness.
  • All staff regularly receive simulated phishing tests.
  • All staff must sign off on security and acceptable use policies and procedures.
  • All staff are subject to detailed background checks.

Security Vulnerability Responsible Disclosure

Ticketbooth encourages the responsible disclosure of security vulnerabilities by offering a reward program for security researchers. The terms of this program are defined in the Leap Event Technology Security Vulnerability Program.