Reservation Nexus
PCI Compliance

What is PCI Compliance?

The new Payment Card Industry (PCI) data security standards are network security and business practice guidelines developed by Visa, MasterCard, American Express and Discover Card. They were developed to establish a 'minimum security standard' with regard to the protection of cardholders' account and transaction information.

Who is required to meet the PCI security standard?

All entities that accept credit or debit card payments, or that collect, process or store credit card transaction information, regardless of their transaction volume, are required to meet the PCI standard by June 30, 2005. Failure to comply with the PCI security standard may result in substantial fines or permanent expulsion from card acceptance programs.


What does Reservation Nexus do for PCI compliance?

  1. Successful completion of a PCI security self-assessment questionnaire. The self-assessment questionnaire asks specific questions about our internal security practices, both on our website and in our offices.

  2. Pass quarterly remote vulnerability scans conducted by a Visa and MasterCard "Qualified Independent Scan Vendor". Reservation Nexus has selected the industry leader, ScanAlert. Scans are required for all Internet connection points, whether they are office networks, home/office connections (dial-up, DSL, cable or wireless) or permanent Internet servers such as your web site and email server.

What if my provider claims they are hacker safe? Are they PCI compliant?

Just because a site is scanned for hacker vulnerabilities, such as by HackerSafe or SecurityMetrics, doesn't mean that the site is PCI compliant. In fact, some vulnerabilities that hacker scans deem safe are not permitted under the stricter requirements of PCI compliance. Hacker scans are only one part of PCI compliance.

Why doesn't Reservation Nexus store the three-digit code found on the back of the card?

Here is the exact PCI Compliance question that we have to answer yes to in order to be PCI compliant:

  • Is it prohibited to store the card-validation code (three-digit value printed on the signature panel of a card) in the database, log files, or point-of-sale products? --> Yes

Storing the number contravenes Visa's operating regulations and can lead to fines and penalties.

Our Auto Pilot edition, which includes automatic credit card processing, immediately charges the card and then discards the three-digit number. The number is never stored. You will have to ask the customer for it each time you charge their card if your credit card provider requires it.

Where can I find references about the PCI requirements?

PCI program summary:
https://sdp.mastercardintl.com/pdf/pcd_manual.pdf

PCI security scanning procedures:
https://sdp.mastercardintl.com/pdf/PCS_Manual.pdf

PCI self-assessment questionnaire:
https://sdp.mastercardintl.com/pdf/758_PCI_Self_Assmnt_Qust.pdf

Merchant definition matrix is available at:
https://sdp.mastercardintl.com/merchants/merchant_levels.shtml