Ticketsolve Pay PCI Statement

Natalie Watson
Updated

Ticketsolve Pay is built to meet the highest PCI DSS standards and uses Mangopay as its payment provider.

MangoPay is fully PCI DSS compliant, audited, and certified at the highest level required for payment providers. Ticketsolve is also PCI compliant and audited as a service provider.

However, PCI compliance is not limited to your use of Ticketsolve. It applies to your organisation as a whole and covers anything that involves handling cardholder data - including internal processes, staff training, physical terminals, card receipts, and any other systems or suppliers you use (for example, cafés or retail points of sale).

How PCI compliance works

PCI compliance operates at different levels:

  • Payment providers (such as our payment partner Mangopay) are required to be fully PCI compliant, audited, and certified at the highest level.
  • Ticketsolve is required to be PCI compliant and audited as a service provider. We do this and can provide our Attestation of Compliance (AOC) on request.
  • Merchants (you) are also required to be PCI compliant, but due to the size and nature of most organisations, this does not usually require formal certification.

What you may be asked to do

Your merchant or acquiring bank may ask you to:

  • Provide Ticketsolve’s PCI Attestation of Compliance (AOC)
  • Complete a PCI Self-Assessment Questionnaire (SAQ A). This is a self-assessment used by banks to validate your PCI compliance based on how you handle cardholder data.
  • In some cases, complete PCI-mandated vulnerability (ASV) scans

These requests can vary depending on your bank and transaction volumes.

Important notes

  • Ticketsolve cannot advise on your organisation’s overall PCI compliance, as this depends on your wider systems and processes beyond Ticketsolve.
  • You are responsible for understanding the scope of your own cardholder data environment and ensuring appropriate internal procedures are in place.
  • If you have questions about PCI questionnaires or requests, you should contact the organisation that requested them; typically, your merchant or acquiring bank.

For more information, you can refer to the PCI Security Standards Council and the latest SAQ Instructions and Guidelines.

Want to know more?

Was this article helpful?

Comments

0 comments

Please sign in to leave a comment.