This article answers the most common questions about viewing guest's credit card data inside the reservations.
On Cloudbeds PMS, only Property Owner has permission to view credit card details by default, other type of users must be granted permission by the Property Owner. Learn more: Viewing Credit Card Details: Overview
Per PCI Standards (Payment Card Industry Standards) viewing full credit card data can pose a liability to your business in the event that the card details were exposed to an outside source.
Some Payment Processors store the credit card data and do not allow anyone to view full details of the card, this is for the card holder's and your business' financial safety. Payment Processors that do not allow viewing credit card data:
- Cloudbeds Payments (More information: Cloudbeds Payments - Why I can't view full credit card details?)
For security purposes, each individual's credit card password will expire:
- Automatically after 90 days.
- Each time property owner forces a password reset.
To ensure smooth operation, we will send the following warnings to each user's email account prior to expiration as follows:
- 7 Days prior to expiration.
- 1 day prior to expiration.
- Upon expiration.
Make sure to reset your credit card viewing password as soon as you receive the email to avoid any disruption in your daily activities.
All users that have the privilege to access credit card information will have the Reset Credit Card Viewing Password button on My User Profile. See: How to Reset Credit Card Viewing Password
For Cloudbeds Payments:
Cloudbeds Payments stores credit card information in the safest and securest measure, by credit card tokenization. Tokenized card information will be stored in our vault for 2 years. Credit card information (token) is stored in the guest's reservation for 30 days (for confirmed, cancelled and no-show reservations). Refunds can be processed seamlessly within 30 days period.
What is credit card tokenization?
Credit card tokenization is the process of completely removing sensitive data from a companys internal network by replacing it with a randomly generated, unique placeholder called a token. For instance, if a card number was 1234 5678 8765 4321, it would end up looking something like E67TY8GQ27X.
- For confirmed reservations: the system will remove credit card details 14 days after the check-out date.
- For cancelled/no-show reservations: the system will remove credit card details 30 days after the cancellation/no-show date.