Point Of Sale Compliance & Cyber Security

MyVenue uses leading security and compliance framework practices and invests in the highest quality technology providers to ensure all customer data is securely protected.

Partnering With Best-of-breed Providers

To ensure a secure and scalable product, MyVenue partners with industry-leading cloud service providers like AWS and Google to deliver application and infrastructure services. Detailed assurance documentation (i.e. SOC 2 Type II) reports are received and reviewed regularly for these key providers.

MyVenue uses a single multi-tenanted hosted AWS system. Data is logically separated, encrypted & accessed, and controlled/restricted by individual venues and users.

The MyVenue-hosted framework has been architected to support various venue group topologies. MyVenue can work with specific venues or groups of venues to meet unique requirements.

Investment in Cyber and Security includes a full-time in-house Risk Specialist with a track record of overseeing leading-edge global technology risk assurance projects and external, independent expert consultants. MyVenue expects to be certified SOC 2 Type II compliant during 2022.

Payment Card Industry Data Security Standard (PCI DSS) Compliance

MyVenue fully complies with PCI DSS standards, using only the most trusted and safest payment technology.

Point-To-Point Encryption (P2PE)

MyVenue works with best-in-class payment processors whose PIN pad devices ensure the highest credit card transaction security, data encryption, and tokenization.

MyVenue's preferred payment processors & PIN pad providers manage data according to the strictest PCI standards, including all credit card data in transit or at rest. They also actively prevent hardware tampering & malware infections.

My Venue User Access Controls

User Access Controls (UAC)

All MyVenue users and user roles can be configured within the mvManager back-office application. Access levels are applicable to every logical element of the MyVenue solution, and an unlimited number of roles can be defined within mvManager.

The hierarchy of User Access Controls within MyVenue is (in order of highest to lowest access):

  1. Admin
  2. Management (note: used for full-time on-site managers)
  3. Manager (note: used for an event manager)
  4. Reports
  5. Suites POS user
  6. Dashboard Only

Cloud Infrastructure

The MyVenue platform is underpinned by the highest quality providers:

  1. Hosted in Amazon Web Services across multiple locations, globally
  2. Security provided by Cloudflare™ to protect the platform from automated bots, scanning, and intentional malicious use of the application
  3. Datadog™ provides insights into the health status of MyVenue’s solution, and notifies MyVenue immediately of potential issues
  4. Region-based deployments closest to you for data sovereignty, low latency, and optimal user experience
  5. Full PCI compliance and tokenization for all credit card data transmission and storage
  6. Data transmission is secured using TLS 1.2+, PKCS #1 SHA-256 with RSA Encryption
  7. All data at rest is encrypted using AES-256 encryption
  8. Data is encrypted when stored on disk, for hot & cold data
  9. All communications in & out of the platform are encrypted with the latest encryption methods
  10. Backups of data are stored in multiple locations and taken at regular intervals
  11. Built-in disaster avoidance to keep the platform operating in the event of infrastructure issues
  12. Rapid scaling to cater for game day and other high-traffic periods
  13. Data can be exported upon request for your "right to be forgotten"
  14. Change monitoring with all access & change logs across the entire platform
  15. Disaster recovery or recoverability of platform components and data tested monthly
  16. Automated processes to reduce human mistakes
  17. State-of-the-art monitoring, with alerts to deviations to stability or performance