Security Statement

PCI-DSS Compliant

  • Ferve Tickets complies with PCI-DSS 3.2.1 as a Service Provider.
  • We perform regular internal and external application and network penetration testing.
  • We are scanned quarterly by an Approved Scanning Vendor (ASV) (Qualys).
  • PCI Attestation of Compliance (AOC) is available on request.
  • Ferve Tickets has a security team responsible for PCI Compliance.

Privacy

  • Ferve Tickets maintains a privacy program which complies with the Australian Privacy Principles and/or GDPR as appropriate.
  • We do not transfer the personal information of customers to third parties, other than the organiser of your events and payment processors, unless otherwise required by law.
  • See https://ferve.tickets/privacy for more information.

Server Environment

Equinix hosts Ferve Tickets’s development and production systems in Sydney, AU.

  • PCI-DSS Level 1 Service Provider
  • ISO 27001 certified
  • Independently verified and audited
  • SAS-70 Type II and SSAE16

Web/Mobile Application Development

  • We are committed to designing, building, and maintaining secure systems, which include websites and mobile applications.
  • All applications are regularly scanned for common security vulnerabilities, including the OWASP Top Ten.
  • Regular training on Secure Coding Practices is provided.
  • No full credit card information is permitted to be stored on any mobile device, nor in any part of our network.
  • Use of encryption for both storage and transmission of sensitive information is regularly audited.
  • Web and mobile applications are developed and maintained by our experienced engineering team.
  • We encourage clients to also follow high security practices in their own websites and in dealing with us.

Encryption

  • Ferve Tickets uses strong encryption to protect all private information while in transit.
  • All private information, including credit cards, is encrypted with a minimum of TLS 1.2 with AES-128 or AES-256 ciphers while in transit through our production systems (depending on the standards supported by your browser).
  • Ferve Tickets’s website and APIs are accessible via 2048-bit SSL certificates issued by a number of different certification companies including Let's Encrypt, DigiCert, and others.
  • We regularly check and aim for A-grade security or higher on SSL, verifiable with SSL Labs.

About Us

  • All employees are subject to reference, education, and other checks before employment.
  • Some technical employees are also subject to additional background checks, including checks with Victoria Police.
  • Ferve Tickets has an information security training program that meets PCI-DSS standards.
  • Knowledgeable security personnel are on staff, and specialist outsourced security experts are consulted when required for independent verification (PCI Consulting Australia Pty Ltd).
  • We require written acceptance by employees of their roles and responsibilities in maintaining PCI-DSS and privacy of data.

Incident Response

  • No system is ever guaranteed perfectly secure 🙁
  • We have a detailed Incident Response plan in place that we use to respond to incidents when they occur.
  • Periodic testing of the response plan is done to ensure all staff are familiar with processes, and experienced at rapid response when needed.
  • Ferve Tickets has 24×7 monitoring of its security systems.

Security Disclosures

  • If you discover a vulnerability in Ferve Tickets’s applications or systems, we urge you to report it to us.
  • We are likely to be able to resolve the issue quickly, usually within a few days.
  • Please allow us that small amount of time to address your discovered issue before publishing your findings.
  • Contact us on security(at)ferve.tickets.