Articles in this section

Ticketure Data Processing Diagram

TixTrack and the Ticketure Data Security team work hard to ensure the security of all data transferred both within the Ticketure ecosystem as well as to any 3rd party applications are encrypted at all times and exposure/risk of PII or Card information is minimized. 

PII Information (Non Credit Card Details)

Ticketure ensures that all PII and system information stored and/or transmitted within the Ticketure ecosystem is not only encrypted via SSL while in transit but also encrypted while at rest within our data tables. By encrypting data at all times within the system, we can mitigate any risk of data being exposed. 

In addition, Ticketure requires very little PII to complete its transactions, requiring only a customer email, first name, and last name. All other information is optional and is at the organization's discretion as to what information is collected and when. By not requiring a significant amount of PII to complete the order, Ticketure not only provides an efficient checkout process but also helps minimize any PII collection/held within the system.

Credit Card Information

Ticketure relies on Stripe (exclusively) for all credit card processing. Through Stripe's tokenization and payment form processing, Ticketure application nor TixTrack servers ever see or transmit any card data. All card information is entered on Stripe servers, with Stripe providing us a 'token' and a few details about the card used (type and last 4) which are then stored within Ticketure for reporting and reconciliation. 

Data Flow Diagram

The following diagram outlines how Ticketure handles the passage of the various types of information within the Ticketure ecosystem. From the Point of Sale (POS) to the eCommerce (web) transactions, all data is encrypted and secure.

Ticketure_Diagram.png

Card Present Transactions - POS (Point of Sale)

The Point of Sale leverages Stripe terminal for all in person payments. Stripe Terminal has 2 options for connection to the Stripe network. Both methods provide secure communication to the Stripe payment services, resulting in a quick approval of charges. 

  • Network - For stationary POS locations, leveraging the BBPOS Wise POS E leverages either wired or wireless networks to establish a secure connection directly with Stripe bypassing any communications with Ticketure's iPad. 
  • Bluetooth - For mobile POS locations, or for organizations looking for smaller form factors, the M2 Stripe Reader can be leveraged, providing Bluetooth connectivity between the M2 Credit Card Reader and the Ticketure iPad, where the iPad provides only the network connectivity for communication. 

In looking at the diagram above, Ticketure's POS application is responsible for the following communications: 

  • SSL Encrypted Non Transactional Information (no CC) - Dotted line - this information would be checking availability for an event, adding tickets to baskets, searching for customers, scanning tickets, etc. This information is SSL encrypted as it may include PII of customer search results but does not contain any credit card information
  • Stripe Terminal - SDK Communication (no CC) - Blue Line - at the time of payment collection, the Ticketure POS application leverages Stripe Terminal's SDL to tell the connected reader that it needs to collect a payment of $X. 
  • Stripe - P2PE Encrypted CC Information (CC) - Red Line - After receiving the request for payment, the Stripe terminal captures the card information and transmits this over a secure encrypted connection.  
  • Stripe - SSL Stripe PaymentIntent Communication (limited CC) - Green Line - After processing the payment, Stripe communicates back to the Ticketure servers that the charge was accepted, declined, etc. This information only contains the cart type and the last 4 of the card used. Ticketure's servers then tell the POS that the payment has been processed and booked.
Note

In either configuration, At no time does Ticketure's application or TixTrack's servers see/transmit or have exposure to the credit card information being handled. 

Card Not Present Transactions

Ticketure's CMS and Web are considered Card Not Present interfaces and process credit cards without leveraging a Stripe Terminal. Card not present transactions follow a similar path within the Ticketure ecosystem, except instead of leveraging a terminal that transmits the data to Stripe, Ticketure leverages Stripe's Elements Hosted Web Form to present a form within Ticketure that securely captures the card information and transmits it to Stripe. 

For card not present transactions the diagram above outlines the transmission of data with the following details: 

  • SSL Encrypted Non Transactional Information (no CC) - Dotted line - this information would be checking availability for an event, adding tickets to baskets, etc. This information is SSL encrypted as it may include PII of the customer name, email for logged in members, or account creation.
  • Stripe Elements - Hosted Web Form (CC) - Orange Line - at the time of payment collection in the CMS or Web, Ticketure requests a Stripe Element for card capture. Visitors enter their card details on the Stripe form and the post from Ticketure submits the form with the amount of the charge.
Note:

For additional information on Stripe integrations, please see additional Stripe Integration documentation.


Was this article helpful?
2 out of 2 found this helpful

Comments

0 comments

Please sign in to leave a comment.