BookingCenter takes security as seriously as you do. Privacy is of paramount importance at your location, and at ours as well.
We know that a hospitality provider has one main revenue source - your guests. We take the responsibility of protecting your data and assuring it is bookable from each of our partner's websites as well as your own - 24 hours a day, 7 days a week. Read the specifics of our commitment to keep your business up and running in our Terms of Service Agreement.
If you email us with questions or concerns, don't worry about us barraging you with junk emails or selling your names. We hate junk email as much as anybody, and will only use your email to inform you of special offers, useful tips, and tricks for improving your business. And if you would like to receive NOTHING from us ever again, we offer you that choice as well.
CISP / PCI DSS Compliance
The BookingCenter system co-locates our servers in a Level 1 Co-Location facility (United Layer) behind our corporate firewall, run with strict security permissions, and is monitored 24 hours a day, 7 days a week by our staff in Canada, Australia, and the United States. Plus, we operate transaction-level backups to assure your data is never compromised.
BookingCenter maintains strict PCI compliance. Our MyPMS product uses a certified gateway for the MyCard system from TSYS. The actual gateway is the Vital VirtualNet SSL with our certification under the Company name: "BookingCenter", Product: "MyPMS", Version: "3". You can check our latest PCI certification document here and our Self-Assessment as a SAQ-D Eligible Service Provider here. Our PCI Scan Vendor is a certified member of the PCI Compliance Council, the name of the Company is: ControlScan under their PCI validation service name: SmartScan.
Our Booking Engine uses an AuthorizeNet or PlugNPlay certified gateway system for storing and processing cards for our other products. As a Service Provider processing and storing credit card data, as requested by the credit card industry, we provide a detailed self-assessment of our BookingCenter PCI CISP compliance here . If you would like additional information about our security and data protection, contact us here.
Card handling standards ensures we no longer store a CVV2 - also called the CARD ID value - in any of the BookingCenter products. For customers who swipe credit cards in MyPMS or the Desktop Pro product, the CVV2 - which guarantees a card is present - will still be sent with the authorization, but not stored in the software. For users of the Booking Engine and Point of Sale module with Online Authorizations, the CVV2 value will be sent with an online booking authorization and emailed to the property owner in a spearate email, giving a property manager the authority to delete the CVV2 number as required by card issuing banks. This is an inconvenience but it is the law.
A popular policy-generator program is the P3P Policy Editor from IBM, which was developed by one of the authors of the P3P specification--Martin Presler-Marshall--and some of his colleagues. It features a drag-and-drop software interface that lets you edit P3P policies by dragging icons representing P3P data elements and data categories into an editing window. The tool also has pop-up windows that let you set the properties associated with each data element (purpose, recipient, etc.) and fill out general information about your website's privacy practices. As you add each data element, you can view the XML coding that has been created, as well as a corresponding human-readable version of the policy. There is also a useful Errors tab that indicates problems with your policy, such as leaving out information in required fields. The editor comes with good documentation and a set of templates for typical web sites. This tool can also create policy reference files. It is available for free download from the IBM Alphaworks web site at http://www.alphaworks.ibm.com/tech/p3peditor/.