Skip navigation

Eventbrite + Duo Security: A PCI DSS and API Case Study

Download the Guide

Eventbrite has processed more than two billion dollars worth of tickets, as well as hosting millions of events on their platform since 2006. As a major online ticket marketplace, the security of Eventbrite’s assets and users’ information is top of mind for Eventbrite’s security team.

The company was concerned about a variety of security issues, including threats to the company, integrations within the user base and the security of monetary transactions between companies.

Eventbrite was seeking two-factor authentication for two main reasons:

  1. Two-factor authentication for remote access is mandated as a requirement for PCI DSS compliance, a set of data security regulations for all retail and ecommerce companies.
  2. They realized other companies were getting breached because they didn’t have two-factor authentication.

They knew that employees often chose weak passwords, and frequently reused the same passwords across different sites.

As a result, they realized that passwords just weren’t enough to protect the assets that Eventbrite has in its possession, including the tools and infrastructure used to administer their site on behalf of their users.