PCI Compliance

The Payment Card Industry Data Security Standards (PCI-DSS) are a set of requirements designed to ensure that merchants of all sizes process, store, and transmit credit card information in a secure environment.

Did you know...

More credit cards are stolen than any other form of financial infor­mation, according to industry statistics and government agencies.


  • 92% of card data compromises take place in small businesses with low processing volume.1
  • On average, there is at least one publicly reported, signifi­cant security breach per day, though most breaches are NOT reported.2
How to comply with PCI DSS

The PCI Certification process requires you to hire a third-party Approved Scanning Vendor (ASV) or a Qualified Security Assessor (QSA) to complete the certification process. We recommend that you first contact your merchant processor for specific validation requirements and deadlines.


Choose a Security Vendor

If you are participating in the TicketNetwork® Merchant Processor Referral Program, the following vendors offer discount rates.


  • Merchant Warehouse/First Data partners with ControlScan. Call the Merchant Warehouse Client Services Department at 1-800-528-8430 and ask to be enrolled with ControlScan or visit www.controlscan.com/merchantwarehouse to get started.
  • Merchant Warehouse/Elavon partners with TrustWave. Please visit http://pci.elavon.com to enroll.
  • PowerPay partners with PCI TOOLKITTM. To enroll in the program please call 877-877-3737 and select option 8. For more information visit http://pci.powerpay.biz

If your merchant processor does not recommend a vendor, TicketNetwork® has partnered with both ControlScan and 403 Labs to offer discounted pricing to TicketNetwork® merchants. Both organizations are certified Approved Scanning Vendors (ASVs) and Qualified Security Assessors (QSAs) and can assist you with meeting your PCI Compliance requirements. To sign up with ControlScan, please go to www.controlscan.com/ticketnetwork. If you would like to take advantage of 403 Labs's services please visit https://ticketnetwork.403labs.com to enroll. Canadian merchants please note: you must complete the certification process through a QSA who is also certified in Canada. If you are certifying a Canadian based business, 403 Labs does offer a special Canadian merchant package as part of their TicketNetwork® program. To select an ASV or QSA other than ControlScan or 403 Labs, visit https://www.pcisecuritystandards.org/pdfs/asv_report.html and https://www.pcisecuritystandards.org/pdfs/pci_qsa_list.pdf.


Reporting

Once you have completed the certification process, your security vendor will provide you with a certificate of compliance. It is your responsibility to forward your certificate to your merchant processor and TicketNetwork®.
You can notify TicketNetwork® of your compliance status in one of three easy ways:

(1) Create a support ticket and attach your certificate.
(2) Fax in your compliance certificate to (860) 371-2106.
(3) E-mail your compliance certificate to Compliance.Response@ticketnetwork.com.

Upon receipt of your certificate, TicketNetwork®'s Compliance Team will update your account information to reflect com­pliance certification.


Benefits to Merchants

Complying the with the PCI-DSS standards benefits the mer­chant in several ways:


  • Credit card data is handled securely
    Failure on the part of a business to maintain PCI compliance standards could result in costly security breaches.
  • Protection from financial loss
    Penalties for data breaches could exceed one hundred thousand dollars ($100,000). Fixing the vulnerabilities in your system before data is compromised or exposed is invariably less expensive than solving problems after they occur.
  • Increased consumer confidence by providing security for your business
    Loss of credibility and trust from consumers can be detrimental. It is likely that consumers will not do business with a company that has failed to protect cardholder information.
  • Less fees on your merchant statement
    Some acquiring banks and processors charge their merchants a PCI non-compliance fee.
  • Improved TicketNetwork® Broker Rating
    Accounts that have not completed the certification process will lose 15 points on their broker rating. Remember: the higher your broker rating, the lower the TND rebate fee that you will pay on sales through TND.

Cost of Protecting Customer Data

Completing the scanning requirement is just one piece of meeting the PCI compliance guidelines. On average, the cost to hire an Approved Scanning Vendor(ASV) to complete the scanning requirement is about $150. First Data, Elavon, PowerPay, and American Credit Card Processing Corporation offers programs which assist merchants in com­pleting the certification process at a reduced rate. In a study of 220 Level 4 merchants conducted by ControlScan, National Retail Federation, and The PCI Knowledgebase, it was determined that 60% of these merchants spent between $1-$5,000 to comply with the PCI DSS guidelines.

In addition to scanning their respective business, many merchants find that they also need to im­plement or upgrade major applications in their office to comply with the PCI DSS guidelines. This may include purchasing security products, such as antivirus software and firewalls, or upgrading your Point-of-Sale system. Please note, TicketNetwork®'s Point-of-Sale (POS) and TicketsNow's EI Box Office are the only PA-DSS compliant POS systems in the secondary ticketing industry. You must use one of these systems in order to complete the PCI com­pliance certification process, and receive maximum points towards your Broker Rating score with TicketNetwork®. Other actions related to meeting compliance guidelines may include implementing new security polices and procedures, and purging credit card data currently stored on the system.


PCI Compliance Check List

  • Contact your Merchant Processor for specific validation requirements.
  • Register with an Approved Scanning Vendor or Qualified Security Assessor.
  • Complete the Self-Assessment Questionnaire and prepare documentation to support your answers.
  • Schedule quarterly vulnerability scanning of your data system and attest to passing the scan.
  • Forward your certificate of compliance to your merchant processor and TicketNetwork®.
Risks of Non-Compliance

Merchants across the country, including several ticket brokers, have already been fined over $100,000 for security breaches as a result of stolen credit card information. We urge you to watch this brief 12 min. video filmed by the credit card industry that explains what PCI DSS is, and what it means for your business. This informative video walks you through:


  • The risks of using non-PCI compliant Point-of-Sale software - the source of over 60% of security breaches
  • Examples of vendors held liable for more than $100K in fines!
  • How to become PCI compliant