Understanding PCI
The "Payment Card Industry Data Security Standards", PCI DSS for short, are the globally valid security standards put in place for cashless transactions made with the leading international credit card companies. This IT security standard defines binding technical and operational requirements for saving, editing, and sending data about the credit cardholder. Since the end of 2007, the PCI has been the set of rules and regulations accepted globally for all partners working with credit card data.
Compliance with these standards is not only in the interest of the client, but is also important for business reasons. Companies saving credit card data can be fined substantial amounts should credit card data be lost or stolen.
Many transactions in the hospitality industry process cardholder information, e.g. booking a hotel room, using electronic tickets, doing a self-service check-in, performing revenue accounting etc.
protel was the first German manufacturer of hotel software to achieve compliance approval based on the newest PCI standards (PCI DSS 3.2). The approval confirms that the company's IT systems have been checked within the framework of the credit card industry's security standards (PCI DSS) and are best protected against criminal attacks. For more information, please contact your protel distributor or the protel support team.
Being a PCI DSS certified company, we have designed our products so that they help you achieve the best possible level of PCI compliance. However, the responsibility for adhering to all of the requirements lies solely in the hands of the hotel operator.
Tokenizer - How is the credit card data protected in protel?
A central PCI DSS regulation is the prohibition of saving unencrypted credit card information at the hotel. Of course, this also applies to the hotel software. The protel Tokenizer therefore replaces credit card information with an artificial replacement number. The Tokenizer functions as a kind of buffer between protel and the various credit card data entry points. It captures all of the credit card information coming in from an entry point and replaces it with a "token". As a result, your hotel does not come into contact with the actual credit card information. However, you can still make charges to the guest's credit card.
Benefits
More security for hotel and guest with regards to the handling of credit card data in the system
The guest's sensitive credit card data will be especially protected
Credit card processing occurs in an encrypted fashion on an entirely separate server which is protected from unauthorized access
Limitation of access to the credit card data
User access protocols for the information
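A sketch of the tokenization flow described above, added here as an example; it is not protel's code. The class, role names and token format are assumptions, and the in-memory store stands in for the separate, encrypted server.

```python
import secrets
from datetime import datetime, timezone

def luhn_ok(pan: str) -> bool:
    """Check the card number's Luhn checksum before accepting it."""
    digits = [int(d) for d in reversed(pan)]
    total = sum(digits[0::2]) + sum(sum(divmod(2 * d, 10)) for d in digits[1::2])
    return total % 10 == 0

class TokenVault:
    """Hypothetical stand-in for the separate tokenization server."""
    def __init__(self, authorized_roles):
        self._pans = {}            # token -> PAN; a real vault encrypts this at rest
        self._roles = set(authorized_roles)
        self.audit_log = []        # (UTC time, user, action, token)

    def _log(self, user, action, token):
        self.audit_log.append((datetime.now(timezone.utc), user, action, token))

    def tokenize(self, pan: str, user: str) -> str:
        pan = pan.replace(" ", "")
        if not (pan.isdigit() and 13 <= len(pan) <= 19 and luhn_ok(pan)):
            raise ValueError("not a valid card number")
        # Random token: it cannot be reversed without the vault.
        # Only the last four digits are kept, for display purposes.
        token = f"tok_{secrets.token_hex(8)}_{pan[-4:]}"
        self._pans[token] = pan
        self._log(user, "tokenize", token)
        return token

    def charge(self, token: str, amount_cents: int, user: str, role: str) -> str:
        if role not in self._roles:
            self._log(user, "charge_denied", token)
            raise PermissionError(f"role {role!r} may not charge cards")
        pan = self._pans[token]    # the PAN is only ever read inside the vault
        self._log(user, "charge", token)
        # A real vault would hand the PAN to the payment processor here.
        return f"charged {amount_cents} to card ending {pan[-4:]}"

def demo():
    vault = TokenVault(authorized_roles={"front_desk"})
    # Constructed sample: a well-known test card number, not a real card.
    token = vault.tokenize("4111 1111 1111 1111", user="booking_engine")
    reservation = {"guest": "A. Sample", "card": token}  # what the hotel software stores
    receipt = vault.charge(reservation["card"], 12900, user="anna", role="front_desk")
    return vault, reservation, receipt
```

The reservation record holds only the token, so a copy of the hotel database does not contain card numbers, while the vault's log records every tokenize, charge and denied attempt.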
PCI compliance requires certain settings to be made in the protel software. The work involved with adhering to the PCI DSS requirements in your hotel software depends on the number and the type of credit card information entry locations in use at the hotel. We would gladly help you determine how much work will need to be done in order to be able to work with protel in a PCI DSS compliant manner. For more information, please contact your protel distributor or the protel support team.
Download PDF to find out more about how working with protel SPE/MPE changes when adopting PCI compliance standards.