Myfrontdesk and mybookings have a number of built in security measures. Listed below are some of the most commonly asked about.
- Everyone accessing your Cloudbeds property account should have their own username. This allows you to easily view their activity in the system.
- Set up correct user roles and make sure only users you approve have access to financial data.
- Never share your username and password with anyone else.
- Credit card details should always be entered directly into the system and not written down on a piece of paper.
Credit Card Data
- Ensuring the financial security of our customers is a huge priority for us as a company. Cloudbeds does not store credit card information. Rather, it connects to a third-party secure, encrypted, and token-based vault for payments and processing, ensuring complete payment card industry (PCI) compliance.
- Payment details can only be accessed by property's authorized users by entering their email and password after clicking on "Show Details" on the Credit Cards tab of that specific reservation's page. The payment details are then retrieved from the secure, third-party vault for viewing.
- Cloudbeds does not store credit card data on its servers. It is encrypted before being sent to and then retrieved from a third-party token encryption vault.
- Credit card access is also blocked from our system 14 days after the reservation's departure date. Only the last four digits and the card type will remain.
Credit Card Security Tips
- It is not possible for a credit card to be hacked from our servers, since we do not store these cards in our database.
- The credit card could have been cloned while making a purchase at another business or vendor.
- Only give Credit Card viewing privileges to those individuals in your organization that you trust and that also must see them in order to service the guest. The more personnel with access to the credit cards, the greater the security risk.
- If you need help to turn off credit card access to certain myfrontdesk users, please consult this article: How can I be sure that employees have no access to data from the guests credit card?
SSL encryption helps ensure that all data entered by a guest remains private. This can be seen at the beginning of a site's URL as "https://" instead of "http://".
All mybookings pages have full SSL certification to maintain a secure connection for all web traffic including data entered by a guest while making a new booking.
- When using an iframe or creating your own widget, make sure to use the complete mybookings URL, including the "https://".
- While the property's website, which contains the iframe or widget, doesn't need to use SSL, it really should since many customers will not enter their payment details otherwise.
- Not having SSL on your website prevents a user from checking that an iframe or widget is actually served securely and from which site it's from. (Examples from the programming site Stack Overflow here.)
- Websites without an SSL certificate may not be compatible with a browser's autocomplete feature, especially for credit card details.
- For information on how to add SSL to your personal website, please contact either your web developer or your website provider's support team (if you're using a company like Squarespace or Wix).
Guest and account data is safely stored on Amazon AWS servers. We are using an RDS database. All of our production applications (compute, network, and storage) are hosted within AWS's US-West-2 Region (Oregon) and take advantage of the 4 availability zones in that Oregon Region.
Our systems are hosted in the United States, but we follow all applicable privacy and compliance regulations for EU laws (such as the GDPR). Documentation regarding Cloudbeds' compliance with GDPR can be found in our Knowledge Base.