
Articles tagged with: PCI Compliance

VIP Ticket Form Hall of Shame

on Thursday, 16 February 2012. Posted in blog, live access

E-Commerce using Excel and Word forms over e-mail = bad practice

The 2012 tour season is revving up - lots of big tours and festival lineups are being announced almost daily. And that means lots of VIP / "friends and family" ticket requests will follow. These are the tickets held back by the venue, promoter, and the artist, and the intention is to distribute them as efficiently and securely as possible. After all, they are some of the best tickets in the house, they are not marked up, and it takes a golden passport to get them. So why are so many of these tickets being sold through insecure forms - or worse - Excel and Word docs being filled out and e-mailed?

The Privacy/Security Problem

There is NOTHING secure about sending sensitive data (personal information, credit card information) around through e-mail. That is why in 2012 no one in their right mind would purchase items online without a secure, encrypted connection (https). Furthermore, most of these documents are subsequently printed out so that someone can run them through some sort of credit card machine. Once they are used - who knows what happens to the printed-out paper, or to the e-mails and documents stored in someone's e-mail account.

Here are a few incidents we have personally witnessed:
  • An Excel ticket form was mistakenly e-mailed with someone else's information (including credit card) already filled in
  • An e-mail invite contained the personal e-mail addresses of over 100 VIPs

The PCI Compliance Problem

Some large tours ring up hundreds of thousands of dollars in private ticket sales. Tours that use e-mailed Excel/Word/PDF forms are violating almost all industry regulations regarding the safe and secure processing of credit cards. We wrote about this risk last year. According to the PCI Compliance web site:

"The payment brands may, at their discretion, fine an acquiring bank $5,000 to $100,000 per month for PCI compliance violations. The banks will most likely pass this fine on downstream till it eventually hits the merchant. Furthermore, the bank will also most likely either terminate your relationship or increase transaction fees. Penalties are not openly discussed nor widely publicized, but they can be catastrophic to a small business."

The Honest Mistake Problem

Look, everyone we have dealt with using paper forms to process tickets is competent, hard-working, and professional. We marvel at their abilities to keep track of all the requests and process them so that the tickets end up in the right hands. But many times (and especially when the show date is imminent) things get disorganized and mistakes happen.

Some of these mistakes we have seen include:

  • Being sent 16 tickets (instead of 4 purchased) to the year's hottest teen starlet concert
  • Lost requests (too many times to count)
  • Sent the wrong form
  • Processed tickets for the wrong date

The Customer Service Problem

Let's consider for a second the "customer" experience when using e-mail forms. Most of the time, someone fills out a Word/Excel form and sends it to some nameless person. And that's it. No confirmation. No instructions on what to do. No one to ask. So what happens? The ticket requestor is in the dark. Will the tickets be there? If they are confused, most of the time they will start firing off e-mails and calls that the tour has to respond to. Or not?

The people that request these VIP tickets are - well, they are VIPs. Is this the way that your tour wants to do business with people who represent some of your most valued relationships?

The Internal Controls Problem

Hundreds, maybe thousands of orders. Who is requesting these tickets? Who is referring these people? Are some people abusing the process? Internal controls are necessary to ensure that only people who are permitted to request tickets can do so, AND that some people are not violating policies set forth by management.

Control problems may include:
  • Fraudulent sale of comp'ed tickets (as seen in the University of Kansas ticket scandal)
  • Tickets acquired through VIP channels and then resold for profit on the secondary market

For a solution to stop using emailed or faxed paper/Word/Excel forms to process ticket requests, please check out our Live Access secure VIP ticketing system.

Paper VIP Ticketing For Tours Creates Big Time Risks

Written by Brian Carpizo on Thursday, 28 April 2011. Posted in blog, live access

Fraud, fines, and other compliance issues.

The music business has long used show tickets as currency for friends and industry contacts - usually they are some of the best tickets in the house. Most of the time these days they aren't free - "no comp" tours are the norm. If you are "privileged" enough to be invited by the tour, often you are asked to fill out a form and fax it or e-mail it with your personal and credit card information. And the good folks from the tour who process these forms have no idea that they are conducting millions of dollars of commerce in probably the most risky and non-compliant method imaginable, putting them, their VIPs, and their credit card processor at great risk for fraud, fines, and other compliance issues.

PCI Rules Apply to VIP Ticketing

But VIP ticketing for tours is not subject to PCI regulations, right? Not on your life. According to Eric Drago of NitroSecurity, a Portsmouth-based security information and event management solutions company, tours processing VIP tickets are subject to compliance rules:

"Any entity that stores, processes or transmits payment card data must be in compliance with the PCI Data Security Standard (PCI DSS), or risk fines and losing its ability to process credit card transactions. PCI compliance isn't limited to those businesses conducting sales through an e-commerce Web site. If your business collects credit/debit card data written on paper, or holds credit/debit cards, then PCI compliance applies to your business as well."

A Wall Street Journal article stated that over 80% of credit card breaches occur at small businesses and that Visa levied over $3.3MM in fines in one year. The article also discusses a case study of Lodi Beer, a small California micro-brewery. When their data was breached, Visa and MasterCard fined Abanco, the restaurant's merchant account provider, $27,000. Abanco then in turn passed that fine on to the restaurant. In addition to the fines, this merchant has spent over $50,000 in remediation costs, legal fees, upgrades, etc. That is a huge amount of money for a small business.