Email validation at registration (CR 540)
Email validation at registration is a common feature of e-Commerce web and mobile sites.
Any newly registered user has to confirm the email he entered is valid, usually by clicking on a confirmation link in a mail received on the provided email address.
This has many purposes:
- Make sure the provided email address is valid at registration time
- Decrease the risk of loosing ticket information sent to the user on the provided email
- Provide a clean email base for future marketing campaigns and therefore avoid mass bouncing
- Avoid identity theft by a thug abusing badly protected email addresses
To achieve this, SECUTIX now provides various email validation mechanisms.
The email validation registration process can be enabled or disabled per institution. It is enabled by default for all new institutions and will be gradually enabled for older institutions.
Ticketshop
Users need to have a validated email address to access the ticketshop.
Email validation is initiated under these use cases:
- New user creation with a SECUTIX account, i.e. no third party SSO account
- B2C user email address modification
- B2B individual and relay contacts email address modification
In all cases, the email validation process is performed as follows:
- The user gets an account verification email on the provided email
- He clicks on a link provided within the email body
- This opens a page on the ticketshop that states that the validation was successful
- The page displays a login button to proceed to normal login
Conditions
- A ticketshop logged in user who modified his email himself will be forcefully logged out and needs to log in again.
- A ticketshop logged in user who had his email modified in the back office by an operator is allowed to stay on the ticketshop until the end of the session.
- Guests are not subject to email verification.
- SSO accounts are considered as verified by default. The validation responsibility lies with the SSO IDP manager.
Box Office
Email validation trigger
When creating a new contact (individual or structure) in the back-office, the Document type and Point of Sales context must be chosen. This ensures the contact gets a validation email referring to the right context.
- Document Type lists all active "Account verification email" documents
- Point of Sales lists all point of sales in the current organization and in RUNNING state
- For individuals : Belonging to B2C sales channels
- For Relay, Structure : Belonging to Internet Agency, Internet B2B and Internet B2C sales channels
Email validation status
The status of the email will be shown on the contact page with a green circle (validated) or a red circle (non validated)
The contacts screen is shown as an example:
Friends & Family
When creating a Friends & Family connection, if the connected contact has not been verified, a warning with a link to trigger a validation email sending is displayed. This does not block the ongoing sales processes
The contact widget will display different icons for the contacts depending on their verified status
Contacts merge
- If an email is copied from Child contact to Parent contact, the verification status of Child contact will be carried over.
- If Parent contact to Child contact have the same email and one of them is verified, the Parent contact email must be verified.
Frequently Asked Questions
Handling of contacts with not validated emails
Contacts purchasing tickets with a guest account will receive their tickets on the given email address, even if the address is not validated
However they will not be able to access the ticketshop or their personal account space within it as long as their email address is not validated.
This is also the case for contacts who created their account before the email validation functionality has been activated. By default, all contacts are considered as non verified when this functionality is switched on.
Contacts anonymization
A batch to remove or anonymize non-validated contacts can be run by setting the parameter in green below to the desired sunset or legal duration
SAM Campaigns
- Is the new validated email validation flag honored for SAM campaigns?
- For institution without the email validation flag enabled nothing changes, i.e. there is no filtering
- For institutions with the email validation flag enabled, contacts without validated email are filtered out. This means they do not receive any communication at all
- If needed, this filtering can be disabled manually in the campaign settings with a warning that this action is not GDPR compliant as shown below
Use cases
How will this work for Guest checkout?
No verification mail is sent to Guests. The email will be stored as "unverified" in the contacts base and cannot be used to log in the Ticketshop
How will this work for quick checkout / on-sale processes?
The verification mail will send at first login from the customer. No verification is required at the time of the checkout / on sale process
- When a user has both a B2C (final customer) and a B2B (relay) account with the same email address, will the validation be valid for all accounts?
- No. Validation is per account, not per email address. This means that each account will need a separate validation
- On sales channels requiring opt-in validation will the end user receive one or two validation emails?
- The end user will receive two separate mails as these are two separate and independent processes
- When creating an emergency account in TIXNGO that will be injected back in S360, will the account be already validated?
- Yes. A TIXNGO imported account will be considered as validated
- What happens if a new customer was in a Peak Protect queue before entering the ticketshop and is being asked to create a contact and validate the email? Will the email validation take the customer back to the ticketshop?
- When a contact is already in the queue and has access to the ticketshop, the queue result is stored in the browser’s cookies. This means that if you open a new tab or reload the page, your queue number and status are retained, so you don’t have to queue again
- However, if the cookie is timeout or you close the browser or switch to a different browser, the queue information will be reset.
External Identity Provider (Customer SSO)
- What happens in the case of a customer who uses a third party SSO?
- This functionality only applies to Secutix managed accounts.
- For SSO linked account we assume that the email confirmation was done with the original IDP, i.e. the third party SSO owner. Thus in S360 we store a "email validated = true" flag by default for federated identities (third party SSO managed).
- If customers use a third-party SSO on some of their ticketshops but not all then the functionality could be ON, right? Can we confirm there is no impact on sales channels with external SSO active?
- Same answer as above
- Can the email validation be activated only for some sales channels?
- No. The email validation feature is activated at institution level
Migration
- How will we proceed to the activation of this function ?
- New institution will have this setting activated by default
- Existing customers will need to plan a migration sometime during the one year sunset period starting in September 2024. This means we will force email validation for everybody by September 2025 to be GDPR compliant
- Please contact your CSM to plan this migration ahead of the end of the sunset period
- It is important to know that existing customer's end users will have to validate their email has soon as they perform a new action after the migration such as printing their ticket for their next event
- Would it be possible to mark all existing contacts as “confirmed e-mail address” – as they are currently considered “confirmed” in SecuTix ?
- This is not allowed as it defeats the whole purposes of confirming the mails
- Asking customers to anonymize their contacts, as required by law, can be challenging for some of them. If they do not send an email, will only the active customer get the new e-mail validation process to follow when doing an action on the ticketshop ?
- Yes. Only customers trying to log in the ticketshop will get the email validation message
- What happens to contacts whose e-mail address is not validated ?
- They remain labeled as "not verified" and cannot log to the ticketshop
- Will they be automatically anonymized after a certain period of time ?
- No. You have to regularly run the Removal / anonymization of inactive contacts batch
© SecuTix 2023 - Login