
What Are My Responsibilities for PCI DSS Compliance?

Responsibilities of Thepointofsale.com, event organizers and users of rented Stripe payment terminals

Written by Geneviève Bélanger
Updated over a week ago

You benefit from a secure PCI DSS-compliant environment as an event organizer using Thepointofsale.com for ticketing and payments.

However, PCI DSS compliance is based on a collaborative shared responsibility model between Thepointofsale.com and event organizers.


Thepointofsale.com's Responsibilities

Secure payment processing through a PCI DSS-compliant provider, Stripe.

Credit card data management without storage on our servers.

Fraud protection through advanced detection tools.

Implementation of encryption and strong authentication measures.


Event Organizer's Responsibilities

1- Never Collect or Store Buyers' Banking Information

Thepointofsale.com manages your buyers' payments.

It is strictly forbidden to ask a buyer to give you their credit card details by phone, email or any other means.

2- Use Secure Access To Connect to the Thepointofsale.com Platform

  • Never share your login details with other people.

  • Activate two-factor authentication (2FA) when available.

  • Update your passwords regularly and always use strong combinations, e.g. a minimum of twelve characters with at least one capital letter, a number and a symbol.

3- Manage Your Team's Access

If any of your team members need to access the platform, ensure they only have the permissions they need to carry out their tasks, without compromising the security of your customers' transactions.

4- Monitor Transactions and Report Any Suspicious Activity

If you notice any unusual activity, e.g. unauthorized refunds, suspicious multiple purchases, etc., please contact our team immediately by email at organizer@thepointofsale.com.

5- Check Third-Party Solutions' Compliance

If you use external tools, such as payment gateways, third-party tool integrations or third-party event management systems, please ensure they are PCI DSS compliant before linking them to our platform.


Responsibilities for Users of Payment Terminals Provided by Thepointofsale.com

If you use a physical payment terminal provided by Thepointofsale.com to process credit card transactions for your event, please apply the following rules:

1- Secure Access to the Terminal

  • Make sure that only authorized members of your team can access it.

  • Never leave a terminal unattended in a public place.

2- Check the Terminal's Integrity

  • Follow the instructions shared by our team to ensure the integrity of the terminal.

  • Inspect your device twice daily to detect any possible tampering, such as an added suspicious device, a damaged cable, etc.

  • Never connect the device to an unsecured or public Wi-Fi network.

3- Use a Secure Connection

  • Always connect the device to a private, secure Wi-Fi network.

  • If the device has a 4G/LTE connection, this is the best option, as it avoids using any potentially unsecured Wi-Fi.

4- Return the Terminal After the Event

  • Return the terminal according to the instructions supplied with the device to avoid any liability for loss or damage.


By applying these best practices yourself, you are helping to ensure the security of your customers' transactions and protect their data.
