Compliant with PCI-DSS as both a Merchant and a Service Provider.
Registered with both Visa and MasterCard as a PCI-compliant Service Provider.
Annually audited by a Qualified Security Assessor (BDO USA, LLP).
Passes internal and external application and network penetration testing performed by SDG Corporation.
Scanned daily by an Approved Scanning Vendor (ASV), Tenable.
PCI Attestation of Compliance (AOC) and Quarterly Scan Attestation of Compliance are both available upon request.
Credit Card data is never stored by Leap Event Technology.
Where possible, Leap Event Technology utilises credit card tokenization for minimising risk related to cardholder data.
Leap Event Technology provides event organizers with the ability to collect in-person payments securely using End to End Encryption (E2EE) payment terminals.
Privacy
We have a full-time staff focused on privacy and security issues.
We participate in and comply with the EU.U.S. Data Privacy Framework Principles (and the UK Extension).
Leap Event Technology processes user personal data in accordance with GDPR’s data protection principles.
Leap Event Technology uses carrier grade data centers that meet the following certifications:
PCI-DSS Level 1 Service Provider
SOC 1 Type II and SOC 2 Type II
ISO 27001
Software Development
All Leap Event Technology software engineers receive software security training that covers security best practices including covering OWASP Top Ten as well as Mobile Security best practices.
Leap Event Technology uses static code analysis tools to analyze code for security vulnerabilities.
All Leap Event Technology source code is developed in accordance with a standard SDLC process that includes
A software and security code review before being shipped to production.
Running through a continuous integration test suite.
Manual QA testing.
Encryption
All web traffic is encrypted by TLS 1.2 or greater.
Leap Event Technology follows NIST recommendations for hashing, symmetric and asymmetric encryption.
Authentication
Leap Event Technology offers multi-factor authentication as an option for all Leap Event Technology seller accounts.
All API endpoints require authentication in order to be accessed, scoped to existing permission sets from the account the API keys are bound.
Authorization
Leap Event Technology allows fine-grained permission control for seller account users, to adhere to least privilege principles.
Organization
All staff regularly receives security training by trained professionals and must pass security quizzes testing their security awareness.
All staff regularly receive simulated phishing tests.
All staff must acknowledge security and acceptable use policies and procedures.
All staff are subject to detailed background checks.
Security Vulnerability Responsible Disclosure
Leap Event Technology encourages the responsible disclosure of security vulnerabilities by offering a reward program for security researchers. The terms of this program are defined in the Leap Event Technology Responsible Disclosure Program.