My Mobile Tickets Platform


INFO: Managed Payment Service

posted 29 Aug 2018, 04:49 by Matthew Poole   [ updated 29 Aug 2018, 04:49 ]

What is our Managed Payment Service?
Our Managed Payment Service (MPS) is a ready-built mobile-optimised PCI DSS compliant payment gateway integrated directly into our mobile ticketing platform that can accept debit and credit payments and PayPal payments for ticket purchases.  In addition, new payment methods will be introduced in the future such as Direct Debit and Apple / Google Pay mobile payments.  Note that Shared Platform customers must use our Managed Payment Service, but Enterprise Platform customers can choose our MPS to get up and running more quickly and to avoid integration and testing fees.

The advantages of using our MPS are:
- You do not have to apply for a merchant services account which may have lengthy credit checking and business profiling procedures and operating restrictions.
- It's ready built - no further integration and PCI compliance testing is required for your organisation.
- We offer a fixed-fee per transaction regardless of method of payment.
- Simpler accounting and reporting.
- We handle all payment queries, refunds and bank charge-back requests.

How does it work?
- When a customers purchase tickets, we process all of the payments.  You receive real-time reports of revenues through our Kiosk application.
- We will receive the funds from the various payment acquirers in the following days.
- We will reconcile all transactions, refunds and charge-backs for your account on a weekly basis.
- You will then receive a payment by bank transfer the following week, less our transaction fees and any refunds.
- Shortly after, you will receive a settlement advice detailing the total revenue, deductions applied and payment made.

Typical payment workflow


Common Questions

Q) What is the transaction fee charged?
A) Typically we charge a flat 4.5% of the ticket cost.  We do not charge any further fees to you, and we do not charge the customer any additional fees, but the is a minimum monthly fee of typically £49 we charge as per the agreement with you.  The transaction fee covers payment processing fees, bank charges, platform subscription and technical management fees for your account, our customer services team.

Q) How long before I get my revenue?
A) Revenues are paid on a weekly basis, 14 days following the transaction week-ending.

Q) How do I receive my revenue?
A) Depending on the revenue amount, you will receive your payment direct into your bank account by UK Faster Payments, or by BACS.  BACS payment can take an additional 3 days to reach your account.

Q) Can I negotiate on the transaction fee?
A) Transaction fees can be reviewed once we can establish the volume of revenue and transactions passing through your account, at the discretion of your account manager.


INFO: My Mobile Tickets - Security Overview

posted 22 Jun 2018, 02:18 by Mobile Onboard System Admin   [ updated 22 Jun 2018, 02:56 ]

My Mobile Tickets - IT Security Overview

Platform Infrastructure
Mobile Onboard's My Mobile Tickets and mTicketr Cloud infrastructure has been built on the Amazon Web Services (AWS) cloud computing platform.  This offers us high-availability and scalability to the meet the increasing demands of our system.

AWS have data centres at strategic locations across the world and allows us to deploy instances of the platform in regions to suit the legislative, data protection and performance needs of the application and customer. 

AWS is responsible for protecting the global infrastructure that runs all of the services offered in the AWS cloud. This infrastructure is comprised of the hardware, software, networking, and facilities that run AWS services. They can provide several reports from third-party auditors who have verified their compliance with a variety of computer security standards and regulations (for more information, visit (https://aws.amazon.com/compliance).

Full information regarding AWS security can be found at: https://aws.amazon.com/security/

Their Security Whitepaper can be downloaded from https://d0.awsstatic.com/whitepapers/aws-security-whitepaper.pdf for full information.

The core AWS services that the My Mobile Tickets infrastructure has been built on are:
-    EC2
-    Elastic Beanstalk
-    S3 Storage System
-    Relational Database Service
-    Simple Email Service
-    Simple Notification Services
-    Amazon API Gateway
-    Simple Queue Service
-    Identity and Access Management
-    Amazon Route 53

Internal Security
Access to the My Mobile Tickets platform is strictly controlled and limited to specific personnel within Mobile Onboard.  No external personnel or contractors have access to the servers or platform.  We maintain security with:
-    Strong passwords and keys
-    Firewall-controlled access
-    VPN access to services
-    Monitoring of systems and real-time alerts

Data Security
Access to our databases is strictly controlled and only accessible from certain IP addresses.  Each server and application has its own credentials to access common databases such that access can be revoked immediately whilst not affecting the access from other systems.

Each database is fully backed up a minimum of once a day and the data is shipped to a secure server outside of the AWS environment.  Full server snapshots are taken at regular intervals to ensure quick business recovery in the event of a system issue.

Web App Electronic Payments
Where we provide the electronic (card) payments services through the My Mobile Tickets Web App, we confirm that we are PCI DSS compliant as certified by Elavon and Sysnet.

Where payments are made through an MMT account holder's own gateway then they are responsible for any card scheme compliancy.

All of our Web apps are secured with Extended Validation (EV) SSL certificates issued by a trusted Certificate Authority.  We do not store card details on our own servers.  Any stored card details will be with the Acquirer, and if the customer requests that the app "remembers" their details we store a token only which is provided by the Acquirer.

On-Site Kiosk Payment Systems
On-site Kiosk payments are treated as "customer present – unattended", therefore there are certain Card Scheme (i.e. Visa, Mastercard) criteria that needs to be met in terms of integration with the My Mobile Tickets platform and related security.  If the MMT account holder is using their own merchant account (rather than our payment gateway), then they are responsible for any compliancy required by their acquirer, as the payment transactions are made directly between the Customer, the Acquirer and the Merchant.  Mobile Onboard only process the "success/failure" responses at the time of purchase with the integration to the Kiosk infrastructure via the approved software.

In general, unattended Kiosk payments and the pin-entry device are monitored and processed by Creditcall – a Card Scheme approved gateway provider for chip-and-pin / contactless payments.  See https://www.creditcall.com for more information.

The Kiosk payment hardware, such as the pin-entry device and card reader are provided by Hemisphere West (http://www.hweurope.com).  Hemisphere West partner with Creditcall to provide the fully compliant physical payment system from end-to-end.

Unattended devices are built to a different standard than indoor devices.  They are designed to withstand moisture ingress, temperature extremes and impact attacks and have built-in tamper switches that activate if an attempt to open the device is detected.  Devices conform to PCI PTS 3.x or above which is the security standard for hardware devices as defined by the Payment Card Industry (PCI).

INFO: My Mobile Tickets Test Platform

posted 4 Apr 2018, 11:39 by Mobile Onboard System Admin   [ updated 18 Jul 2018, 12:13 by Matthew Poole ]

We have a staging site which allows you to try the My Mobile Tickets platform in a non-production environment.  We use this to test our application before we release new features, but we can also set-up your account and tickets for you to review and try and buy before they go live.

You can access this Staging site at: http://stage.mymobiletickets.com
NOTE: this instance of our platform is not secure (it does not have an SSL certificate), although the test payment gateways are.

If you would like to make a test payment, you can use the following Sandbox PayPal account at the checkout:
PayPal Login: ticket_1333383146_per@mobileonboard.com
Password: TicketBuyer

You can also make test card purchases using the card details found here:

Alternatively, once you have created an account on the test platform, you can ask your account manage to add funds to your Mobile Wallet.


INFO: Custom Web Triggers (ANWS)

posted 21 Mar 2018, 08:02 by Mobile Onboard System Admin   [ updated 22 Mar 2018, 03:07 ]

Custom Web Triggers are part of our Automatic Notification to Web Services (ANWS) platform.  These allow us to send data to your server via HTTP whenever something happens, such as a user registration, or ticket sale.  We are able to format this and populate with field values to your requirements when you are subscribed to our Enterprise Platform.

When an action happens, such a user registration, a request will be added to a queue on our system which will then send a trigger to your server in due course.  This normally happens within a couple of seconds.

So that we know that the request has been successful, we will expect your server to respond with an HTTP 200 OK status code.  The server will not process responses such as 302 Redirects.  In the event of a server error at your end, the request will be discarded, and you will not receive the data.  We do, however, log failures within our system, and we may implement retries in the future.

Requests can be made using either the POST or GET method, and this configured as part of your Enterprise instance profile.  Our platform will take care of formatting and encoding where required.

Available Field Mappings

User Registration Post

Field NameOur TokenData TypeDescription
Registration Date     %RDT% Date/Time Date and time the user registered for an account
First Name %FN% Text First name of the user
Last Name %LN% Text Last name of the user
Address #1 %A1% Text User's address line 1
Address #2 %A2% Text User's address line 2
Address #3 %A3% Text User's address line 3
Address #4 %A4% Text User's address line 4
City %CY% Text User's address city
County / State %ST% Text User's address county
Post Code %PC% Text User's address post code
User ID %UID% Number Internal unique ID for the user
Username %UN% Text User's login name
Email Address %EM% Text User's email address
Mobile Number %MOB% Number User's mobile number (international format) 

Example Post Format
https://mywebservice.com/user/?fname=%FN%&lname=%LN%&user=%UN%&id=%UID%

The token placeholders will be replaced with the appropriate values dynamically before sending the request to your server.


Transaction Post

Field NameOur TokenData TypeDescription
Transaction Time %TDT% Date/Time Date and time of the transaction
User ID %UID% Number Internal ID for the user
Mobile Number %MOB% Number User's mobile number (international format)
Email Address %EM% Text User's email address
Retailer Name %RNAM% Text Retailer/Vendor's name
Transaction ID %TID% Text Unique ID/reference for the transaction
Ticket Type ID %TTYP% Number Ticket type purchased
Ticket Name %TNAM% Text Display name / description of the ticket
Ticket Serial Number %TSN% Text Serial number(s) of the issued ticket(s)
Ticket Price %TPR% Number Face value of the ticket
Discounts Applied %TDIS% Number Any discount applied to the transaction
Amount Paid %TAMT% Number Total amount paid for the transaction
Voucher Code Used %VCD% Text Voucher code applied, where applicable
Ticket Start Date %TST% Date/Time Start date of the ticket, where applicable.  Empty if not specified.
Ticket Expiry Date %TEX% Date/Time Expiry date of the ticket, where applicable.  Empty if ticket is not   activated.

Example Post Format
https://mywebservice.com/purchase/?uid=%UID%&type=%TTYP%&transid=%TID%

The token placeholders will be replaced with the appropriate values dynamically before sending the request to your server.

INFO: What is the Kiosk Application?

posted 21 Aug 2017, 06:01 by Mobile Onboard System Admin   [ updated 14 Sep 2017, 09:21 ]

Kiosk is our online-hosted service that allows you to quickly access all of your data and configuration for your My Mobile Tickets account.

Key features of Kiosk enable you to:
  • View your passenger account details
  • Manage your ticket types
  • Manage your voucher codes
  • Access live ticket sales reports, and download all of your historical sales reports
  • Real-time reporting for our onboard Smart ETM system

Accessing Kiosk
You can access the Kiosk application at kiosk.mymobiletickets.com - you will need the Account login details which would have been sent to you separately when your My Mobile Tickets service was set up.

The online manual for Kiosk can be found here.

1-5 of 5