Industry News

Ticket operators face new cyber threats, warns Bluefin founder

Ticketing operators must prepare for attacks from increasingly sophisticated hackers if they are to adequately protect their customers’ data, according to Bluefin Payments founder Ruston Miles.

The US company this week signed a major new partnership with Choice Ticketing, through which it will provide its PCI-validated Point-to-Point Encryption (P2PE) solution to performing arts organisations utilising Choice Entertainment Technologies’ Choice CRM platform.

While the integration means that Choice will enhance security, Bluefin believes that not all companies take their customers’ personal data, including credit card details, as seriously as they should.

Miles, the company’s founder and chief strategy officer, told TheTicketingBusiness that operators must defend themselves against new threats, claiming that criminals can sell card data for up to $80 per record.

He said: “One thing the past few years of major breaches have taught ticketing businesses is that wherever tickets are sold or accepted, hackers and fraudsters will be there over the internet or in person to steal and use payment card data.

“Increasingly, hackers have become more sophisticated in their attacks, implementing advanced malware attacks like RAM scrapers and keyloggers that sit by silently and siphon payment card data off of workstations, PC’s and networks.

“In 2018, Bluefin’s goal is to use its market leadership in the sector to assist its P2PE-connected ticketing platform partners in gaining client adoption of this most important security technology.

“Now that this security technology is available, it is important to educate clients of its existence so they select the option.

“Device encryption can’t do anything to protect a ticket office if it’s not turned on. The retail sector is rife with cautionary tales. Many of the recent high-profile retail breaches had device encryption available in their devices and POS platforms, but it was not turned on. In the end, they paid the ultimate price.”

Bluefin’s PCI-validated P2PE solution secures credit and debit card transactions by encrypting all data within a PCI-approved point of entry device, preventing clear-text cardholder data from being available in the device or the merchant’s system where it could be exposed to malware.

Figures published by the City of London Police’s National Fraud Intelligence Bureau (NFIB) and Get Safe Online, released in spring 2016, show a 55 per cent rise in ticket fraud during 2015, costing the UK public £5.2m (€6.0m/$6.3m) and rising from £3.35m in 2014.

Miles said that the addition of P2PE is a major step for companies that wish to fortify their defences.

He said: “Over the past two years, leading ticketing platforms such as Choice Ticketing have chosen to implement device encryption, known as P2PE or Point-to-Point Encryption, to encrypt the payment card data before it reaches workstations, PC’s and networks that may exposed to Malware, protecting them from the disastrous effects of breaches.”

Speaking about the integration with Bluefin, Brian Roberts, senior vice-president of corporate development and strategy at Choice, said: “Improving the relationship between our clients and their patrons is ultimately what ChoiceCRM was created for.

“Our tools, data, and efficiency allow our clients to understand their patron behind the ticket sale, and partnering with Bluefin to provide their PCI-validated P2PE solution will further strengthen these relationships while securing payment transactions with the highest security standards in the industry.”

IMAGES: TheDigitalArtist