ShowClix Security Guide

PCI Compliance and Payment Handling

  • Compliant with PCI-DSS 3.2.1 Level 1 as both a Merchant and a Service Provider.
  • Registered with both Visa and MasterCard as a PCI-compliant Service Provider.
  • Annually audited by a Qualified Security Assessor (BDO USA, LLP).
  • Passes internal and external application and network penetration testing performed by Marcum Technology.
  • Scanned daily by an Approved Scanning Vendor (ASV),
  • PCI Attestation of Compliance (AOC) and Quarterly Scan Attestation of Compliance are both available upon request.
  • Credit Card data are never stored by ShowClix.
  • Where possible, ShowClix utilizes credit card tokenization for minimizing risk related to cardholder data.
  • ShowClix provides organizers with the ability to opt into using EMV with point-to-point encryption (P2PE) for payment processing.


  • We have a full time staff focused on privacy and security issues.
  • We participate in and comply with the EU-U.S. Privacy Shield Framework. You can find out more about our commitment to the EU-U.S. Privacy Shield Framework in our EU-US Privacy Shield Notice.
  • ShowClix processes user personal data in accordance to GDPR’s data protection principles and has appointed a Data Protection Officer to oversee our GDPR compliance.
  • You can find our privacy policy at:

Hosting Environment

  • ShowClix uses carrier grade data centers that meet the following certifications:
    • PCI-DSS Level 1 Service Provider
    • SOC 1 Type II and SOC 2 Type II
    • ISO 27001

Software Development

  • All ShowClix software engineers receive software security training that covers security best practices including covering OWASP Top Ten as well as Mobile Security best practices.
  • ShowClix uses static code analysis tools to analysis code for security vulnerabilities.
  • All ShowClix source code is developed in accordance with a standard SDLC process that includes
    • A software and security code review before being shipped to production.
    • Running through a continuous integration test suite.
    • Manual QA testing.


  • All web traffic is encrypted by TLS 1.2 or greater.
  • ShowClix follows NIST recommendations for hashing, symmetric and asymmetric encryption.


  • All staff regularly receives security training by trained professionals and must pass security quizzes testing their security awareness.
  • All staff regularly receive simulated phishing tests.
  • All staff must sign off on security and acceptable use policies and procedures.
  • All staff are subject to detailed background checks.

Security Vulnerability Responsible Disclosure