Security Guide

PCI Compliance and Payment Handling

Compliant with PCI-DSS 3.2.1 Level 1 as both a Merchant and a Service Provider.
Registered with both Visa and MasterCard as a PCI-compliant Service Provider.
Annually audited by a Qualified Security Assessor (BDO USA, LLP).
Passes internal and external application and network penetration testing performed by Marcum Technology.
Scanned daily by an Approved Scanning Vendor (ASV), Tenable.io.
PCI Attestation of Compliance (AOC) and Quarterly Scan Attestation of Compliance are both available upon request.
Credit Card data is never stored by Ticketleap.
Where possible, Ticket utilizes credit card tokenization for minimizing risk related to cardholder data.
Ticketleap provides organizers with the ability to opt into using EMV with point-to-point encryption (P2PE) for payment processing.

We have a full time staff focused on privacy and security issues.
We participate in and comply with the EU-U.S. Privacy Shield Framework. You can find out more about our commitment to the EU-U.S. Privacy Shield Framework in our EU-US Privacy Shield Notice.
Ticketleap processes user personal data in accordance with GDPR's data protection principles and has appointed a Data Protection Officer to oversee our GDPR compliance.
You can find our privacy policy at: https://www.ticketleap.au/legal/privacy.

Ticketleap uses carrier grade data centers that meet the following certifications:
PCI-DSS Level 1 Service Provider
SOC 1 Type II and SOC 2 Type II
ISO 27001

All Ticketleap software engineers receive software security training that covers security best practices including OWASP Top Ten as well as Mobile Security best practices.
Ticketleap uses static code analysis tools to analyze code for security vulnerabilities.
All Ticketleap source code is developed in accordance with a standard SDLC process that includes:
- A software and security code review before being shipped to production.
- Running through a continuous integration test suite.
- Manual QA testing.

All web traffic is encrypted by TLS 1.2 or greater.
Ticketleap follows NIST recommendations for hashing, symmetric and asymmetric encryption.

All staff regularly receive security training by trained professionals and must pass security quizzes testing their security awareness.
All staff regularly receive simulated phishing tests.
All staff must sign off on security and acceptable use policies and procedures.
All staff are subject to detailed background checks.

Ticketleap encourages the responsible disclosure of security vulnerabilities by offering a reward program for security researchers. The terms of this program are defined in the Leap Event Technology Security Vulnerability Program.