Introduction

At Ticketsolve, we understand the critical importance of safeguarding payment card information and maintaining the highest security standards. To this end, we have developed a robust governance framework to manage security risks and ensure full compliance with industry standards, such as the Payment Card Industry Data Security Standard (PCI DSS). In this article, we will outline our key security policies, procedures, and certifications to assure our customers that their data is safe with Ticketsolve.

PCI DSS Compliance and Certification

Ticketsolve is fully PCI DSS compliant, and we undergo an annual audit by an independent PCI consultant. This audit ensures that our platform meets the highest security standards for payment card information processing. Our valid PCI DSS compliance certificate is available for download at the bottom of this article.

Comprehensive Security Policies and Procedures

Our security policy is largely derived from our adherence to the latest PCI DSS requirements. These policies and procedures are audited annually by an external auditor, and they cover various aspects of security, including:

• User management procedures: We ensure proper access control and user authentication for secure access to our platform.
• Service provider compliance validation: We regularly assess third-party suppliers to ensure they comply with our security standards.
• Security configuration standards for servers: We implement best practices for secure server configuration and management.
• Data retention and storage procedures: We establish guidelines for retaining and securely storing customer data.
• Detailed incident response plan: We develop a comprehensive plan for detecting, managing, and recovering from security incidents.

Additional Security Frameworks and Certifications

To further strengthen our security posture, Ticketsolve has implemented several other frameworks and certifications:

• Cyber Essentials: We have obtained the Cyber Essentials certification, showcasing our adherence to essential cybersecurity measures.
• Annual 3rd Party Penetration Testing: We conduct external penetration tests to identify and address potential vulnerabilities in our systems.
• Chief Information Officer (CIO) Responsibility: We have assigned the role of CIO to oversee and ensure the implementation of security measures across our organisation.

Executive Responsibility and Accountability

With clear roles and responsibilities outlined in our Security Policy, the ultimate responsibility for ensuring adherence lies with the CEO. This commitment to security starts at the top of our organisation, ensuring a strong culture of security throughout Ticketsolve.

Partnering with Global Payments for Secure Payment Processing

At Ticketsolve, we understand the importance of secure payment processing for our customers. To ensure a fully secure system for payments, we have chosen to partner with Global Payments, a leading online payment gateway with a proven track record in providing secure and reliable payment solutions.

Our integration with Global Payments utilises their Hosted Payments Page (HPP) technology. This means that all card details are securely stored within Global Payments' systems, and not within Ticketsolve. When a customer enters their payment information, they are directed to Global Payments' HPP, where they can complete the transaction safely and securely.

This approach provides multiple benefits for our customers, including:

• Enhanced Security: By using Global Payments' HPP, we ensure that sensitive card details are never stored within our system, significantly reducing the risk of data breaches or unauthorised access.
• PCI DSS Compliance: Our integration with Global Payments' HPP helps to simplify the process of maintaining PCI DSS compliance, as the responsibility for storing and processing cardholder data is managed by Global Payments, a fully PCI DSS compliant provider.
• Seamless User Experience: Although customers are redirected to the HPP for secure payment processing, the page is designed to match the look and feel of our customers' websites, ensuring a consistent and seamless user experience.

By partnering with Global Payments and using their Hosted Payments Page technology, Ticketsolve is able to provide a secure and reliable platform for processing online payments, further strengthening our commitment to protecting our customers' data and maintaining the highest security standards.

Conclusion

Ticketsolve is dedicated to providing a secure and reliable platform for our customers. Our full PCI DSS compliance, combined with our comprehensive security policies and procedures, demonstrates our unwavering commitment to protecting payment card information. Please feel free to download our PCI DSS compliance certificate at the bottom of this article for your records. If you have any questions or concerns regarding our security measures, please do not hesitate to contact us.