Do you sell tickets for your events via your own website? Read on to find out about some complex (and costly) regulations you may not be aware of…
If you process or handle customer’s credit card details as part of your business, you need to be PCI/DSS Compliant. This is standard which has been agreed by the major card brands (Visa, Mastercard) to ensure the security of customer’s cards. It applies to you whether you process cards with a chip and pin machine, online via your website or via an external service provider.
Many businesses do not realise they have a requirement to be PCI compliant, however this year the regulations are tightening up with the introduction of version 3 of the standards.
So in a nutshell, what does this mean for event promoters?
- If you have any form of card processing facility, you will be required to be compliant – including the sale of tickets on your own website.
- The complexity of becoming compliant will vary depending upon the setup you have
- Costs to become compliant can range from around £100 right up to £100,000+
- You may need to invest in website scans and penetration tests.
- If your website is breached, fines can start at £5,000 and are uncapped.
- The simplest way to reduce your compliance overhead is to outsource payments to a third-part
So that’s the bad news. The good news is, that by outsourcing your payments you can usually reduce the requirements right down to something you can achieve in an hour (a simple checklist) or even have no requirements at all. This is because the 3rd party has already met the above requirements.
Selling tickets through a third party such as Skiddle means you have no PCI requirements at all if you use our payment facilities. We are PCI Compliant and invest heavily in our security to ensure you can trust us to process your ticket payments. You can even embed the ticket sales onto your website using our iFrame ticket box, or use our White Label ticket shop – all without any PCI headache.
If you’d like more information, please get in touch!