Per PCI Standards (Payment Card Industry Standards), viewing full credit card data can pose a liability to your business in the event that the card details were exposed to an outside source.
With Cloudbeds Payments, we securely store your credit card data and prioritize protecting your card holders and your business’s financial safety.
Why You Can't See Full Credit Card Details
For security and PCI compliance, full credit card details are restricted. There are three main reasons you may not be able to view the full Primary Account Number (PAN) and CVV:
1. Payment Processor Security Restrictions (Expected Behavior)
Properties using secure payment processors like Cloudbeds Payments, Stripe, or PayU store credit cards as encrypted tokens. These processors restrict access to the full card number and CVV to maintain security.
- Result: Only the card type and the last four digits are displayed. This is the expected and secure behavior for reservations originating from your Booking Engine and OTAs.
- Note: The system cannot store credit card details if a contactless payment method was used.
2. Missing Credit Card Viewing Passcode
Even users with the required permissions (including the Property Owner) must set a separate, distinct security password to unlock the "Show Card Details" button.
- How to Check: If you open the reservation's Credit Cards tab and the "Show Card Details" button prompts for a password setup, you must first create this passcode.
- Where to Set It: Navigate to Account → My Profile → Reset credit card viewing passcode.
3. Insufficient User Permissions
If the "Show Card Details" button is missing entirely, the user attempting to view the card lacks the necessary access.
- Only the Property Owner or users explicitly granted "Credit Card Viewing Access" in Settings → Users → Security can access full card details.
- Action: If this permission is enabled for the user, they must still set their individual credit card viewing passcode (as described above).
Why Was I Able to View Credit Card Data with My Previous Provider?
The PCI Security Standards Council recommends you protect all card data, only keep what you need, and limit access wherever possible.
With the progression of technology and the advancements fraudsters have made, it has become dangerous and unsecure for anyone to view full credit card data (even when password protected) and can pose a huge breach threat to any business.
With Cloudbeds Payments, we encrypt the card data at the time of capture (transaction in-flight) and then we securely store your guests' card data once entered (data at rest), which gives peace of mind that your data is safe.
The Credit Card Entered Initially Was Incorrect. How Can I See or/and Edit the Card Number?
If you feel that a credit card was entered incorrectly, you cannot edit a card that has already been saved in the system. We advise the following procedure:
- Deactivate the card that is invalid.
- Reenter the full credit card details as a newly stored card.
There are multiple validations run against a card at the time of entry which help mitigate invalid credit card data being captured. These include: valid expiration date, valid credit card number, and valid CVV code.
If a guest is requesting to validate the card used during a reservation, we advise that you solely provide the card type and last 4 digits of the card captured. Providing further credit card details can put you at risk of a fraudster that may be deceptive and conducting a scam.
If the information provided is incorrect, you can simply reenter the new card information under the folio and save.
Additional Features
Although you can't see full credit card details, you can import a credit card from one reservation to another. Please check the following article for further details: How to use credit card details from an existing reservation for a new reservation.
Comments
Please sign in to leave a comment.