Cyber security is a keystone of our ability to support your mission. Our security efforts are led by security expert, Nic Boling, Tessitura’s Vice President of Information Technology & Security.

At Tessitura we have a team of dedicated security specialists on staff. We employ multiple layers of defense and are committed to a strict compliance regime. Our entire team receives regular training on cyber security awareness and best practices. We continuously review the threat and solution landscape for our hosted members.

The majority of Tessitura member organizations leverage our cloud environment. Those members benefit from an environment that is fully hosted by AWS. The highly secure AWS data centers are distributed among multiple regions around the world. We use best-of-breed technology to secure the systems and data in our care. This includes next-generation firewalls, web application firewalls and advanced bot protection. It also includes security information and event management, signatureless endpoint protection, and an extended detection and response service.

We use a defense-in-depth approach to secure the Tessitura cloud environment. One control layer is regular testing of our software and infrastructure for vulnerabilities. We do this using automated vulnerability scans and manual penetration tests. We test multiple interconnected systems to simulate how a bad actor could leverage one system to access another.

Members who host their own Tessitura environment can choose how to secure their data and systems. We share best practices for secure self hosting in our implementation guide. All members use the same secure Tessitura software. Development practices use our PCI-validated Secure Software Lifecycle (SLC). Search for our Secure SLC listing on the PCI Council website here.

In 2022, we launched Tessitura Merchant Services, an integrated payment gateway and acquirer. It includes sophisticated risk controls and the option to implement 3D Secure Authentication. Tessitura Merchant Services is built in partnership with the global payment platform Adyen. (Adyen also powers transactions for companies including Uber, Spotify, eBay and Microsoft.) Like Tessitura, Adyen is a PCI DSS Level 1 Service Provider whose compliance is independently assessed every year. Tessitura Merchant Services uses Adyen’s End-to-End Encryption application. Point of interaction devices are PCI-approved. It includes sophisticated risk controls and the option to implement AVS and 3D Secure Authentication. Tessitura uses risk rules to identify and decline transactions that are likely to be fraudulent. These rules calculate a risk score based on how many of each transaction’s characteristics match the ruleset. Alongside cyber security, Tessitura's security and payment teams are committed to supporting all Tessitura organizations in implementing the best fraud prevention measures for their business and customers.