Compliant with PCI-DSS 3.2.1 Level 1 as both a Merchant and a Service Provider.
Registered with both Visa and MasterCard as a PCI-compliant Service Provider.
Annually audited by a Qualified Security Assessor (BDO USA, LLP).
Passes internal and external application and network penetration testing performed by Marcum Technology.
Scanned daily by an Approved Scanning Vendor (ASV), Tenable.io.
PCI Attestation of Compliance (AOC) and Quarterly Scan Attestation of Compliance are both available upon request.
Credit Card data is never stored by ShowClix.
Where possible, ShowClix utilizes credit card tokenization for minimizing risk related to cardholder data.
ShowClix provides organizers with the ability to opt into using EMV with point-to-point encryption (P2PE) for payment processing.
Privacy
We do not sell personal information of our customers to third parties.
We have a full time staff focused on privacy and security issues.
We participate in and comply with the EU-U.S. Privacy Shield Framework. You can find out more about our commitment to the EU-U.S. Privacy Shield Framework in our EU-US Privacy Shield Notice.
ShowClix processes user personal data in accordance with GDPR's data protection principles and has appointed a Data Protection Officer to oversee our GDPR compliance.
ShowClix uses carrier grade data centers that meet the following certifications: PCI-DSS Level 1 Service Provider SOC 1 Type II and SOC 2 Type II ISO 27001
Software Development
All ShowClix software engineers receive software security training that covers security best practices including OWASP Top Ten as well as Mobile Security best practices.
ShowClix uses static code analysis tools to analyze code for security vulnerabilities.
All ShowClix source code is developed in accordance with a standard SDLC process that includes: - A software and security code review before being shipped to production. - Running through a continuous integration test suite. - Manual QA testing.
Encryption
All web traffic is encrypted by TLS 1.2 or greater.
ShowClix follows NIST recommendations for hashing, symmetric and asymmetric encryption.
Organization
All staff regularly receive security training by trained professionals and must pass security quizzes testing their security awareness.
All staff regularly receive simulated phishing tests.
All staff must sign off on security and acceptable use policies and procedures.
All staff are subject to detailed background checks.
Security Vulnerability Responsible Disclosure
ShowClix encourages the responsible disclosure of security vulnerabilities by offering a reward program for security researchers. The terms of this program are defined in the Patron Technology Security Vulnerability Program.
