Credit Card Data Security and How PatronManager Protects Your Data

Box Office Ticketing Security
In March, a box office ticketing company in our field had a lapse in its data security that enabled a hacker to gain access over one million records of sensitive personal information including credit card numbers, a breach that was not revealed to its customers until a few weeks ago. Since then, there have been many articles posted online about this, as a search on the terms “ticketing and hacking” will reveal. During the last few days some of our clients have been asking us about our data security practices, so I want to address that here.

As a 100% cloud-computing company founded in 2001, Patron Technology has always made data security our top priority. Our PatronManager CRM system (which will process over $50M of credit card charges this year) operates under PCI DSS-Level 1 which is the credit card industry’s highest rating for data security. You can read our press release announcing this here.

To achieve this rating, credit card numbers are never stored online within PatronManager CRM. Rather, when credit card numbers are entered into the system (either by the box office hearing it over the phone from a patron, or by the patron filling out an online form themselves), the credit card number is then routed immediately to our credit card processor (Litle & Co) that converts this number into a “token” which we use to authorize and complete the charge with the appropriate financial institutions. The token is a meaningless string of random characters — it has no value to anyone except the financial institution — and cannot be used to gain unauthorized access to a credit card number.

Beyond this, PatronManager is built and hosted on salesforce.com’s Force.com platform which means that all data security for any information (such as patron names and addresses and phone numbers) are subject to the Fortune-500 standards that salesforce.com provides its corporate clients, such as GE, Fedex, JPMorgan/Chase. This PDF from salesforce.com describes the level of data security on PatronManager.

Then, in our office, we manage sensitive personal information for our new customers when we migrate their data from older systems to PatronManager. Our data control process requires our Client Services Team to use a secure online data storage service to manage the data migration and importing process. Patron information sent to us by our clients is never stored on the hard drives of any of our computers.

If you are a PatronManager CRM client or are considering becoming one, and want more detail about how PatronManager manages data security, please contact us here and we’ll be glad to answer your questions.

– – – – – – – – – – – – – – –

Click here to find out more about our box office ticketing system.

Sign up for our monthly newsletter featuring highlights of our articles and PatronManager news, or a weekly digest of every one of our articles right to your inbox.