As an event organizer using Thepointofsale.com for ticketing and payments, you benefit from a secure PCI DSS-compliant environment.
However, PCI DSS compliance is based on a collaborative shared responsibility model between Thepointofsale.com and event organizers.
Thepointofsale.com's Responsibilities
✅ Secure payment processing through a PCI DSS-compliant provider, Stripe.
✅ Credit card data management without storage on our servers.
✅ Fraud protection through advanced detection tools.
✅ Implementation of encryption and strong authentication measures.
Event Organizer's Responsibilities
1- Never Collect or Store Buyers' Banking Information
Thepointofsale.com manages your buyers' payments.
It is strictly forbidden to ask a buyer to give you their credit card details by phone, email or any other means.
2- Use Secure Access To Connect to the Thepointofsale.com Platform
Never share your login details with other people.
Activate two-factor authentication (2FA) when available.
Update your passwords regularly and always use strong combinations, e.g. a minimum of twelve characters with at least one capital letter, a number and a symbol.
3- Manage Your Team's Access
If any of your team members need to access the platform, ensure they only have the permissions they need to carry out their tasks, without compromising the security of your customers' transactions.
4- Monitor Transactions and Report Any Suspicious Activity
If you notice any unusual activity, such as unauthorized refunds or suspicious multiple purchases, please contact our team immediately by email at organizer@thepointofsale.com.
5- Check Third-Party Solutions' Compliance
If you use external tools, such as payment gateways, third-party tool integrations or third-party event management systems, please ensure they are PCI DSS compliant before linking them to our platform.
Responsibilities for Users of Payment Terminals Provided by Thepointofsale.com
If you use a physical payment terminal provided by Thepointofsale.com to process credit card transactions for your event, please apply the following rules:
1- Secure Access to the Terminal
Make sure that only authorized members of your team can access it.
Never leave a terminal unattended in a public place.
2- Check the Terminal's Integrity
Follow the instructions shared by our team to ensure the integrity of the terminal.
Inspect your device twice daily to detect any possible tampering, such as an added suspicious device or a damaged cable.
Never connect the device to an unsecured or public Wi-Fi network.
3- Use a Secure Connection
Always connect the device to a private, secure Wi-Fi network.
If the device has a 4G/LTE connection, this is the best option, as it avoids using any potentially unsecured Wi-Fi.
4- Return the Terminal After the Event
Return the terminal according to the instructions supplied with the device to avoid any liability for loss or damage.
By applying these best practices yourself, you are helping to ensure the security of your customers' transactions and protect their data.