I'm upset with Webervations!

[EmptyNest]

Last month a "glitch" in their system let through a last minutes special that never existed! When they were called they had no explaination. Right now I'm in the middle of changing my hosting company, then asta la vista baby!.

BD, did you a pick a new system yet or still looking? I am sorely tempted to switch but hate the thought of the hassle.
.

Rupert, I'm pretty sold on Reservation Key. I'll be calling them this week to ask some specific questions. My biggest concern is if I can get all my previous guest info (Rezo) transferred over. At least their personal info and reservations dates.
.

I really like the look of the RezKey client interaction (as I've seen it on sunshine's and JB's websites), and I really love that you can book more than one room at a time. AND the price is definitely right. My concern is their level of PCI compliance, do they talk about that at all?
.

HOnestly....PCI compliance is there issue...not yours. How are the credit card police going to keep track of all the millions of places that take credit cards? As long as you don't store them on your computer...I would think you are doing your responsibility. Thought just my opinion

 

[Proud Texan]

I am surprised that given the situation, no call in support has been offered over the weekends. Those are pretty critical times..

I think part of the problem is that the Webervations staff is still pretty small (one or two people?) and they are based in Ohio versus B&B.com/Rezovations which are based in Texas. I don't think the Webervations office has the full staff support that the TX office has (although even TX is only available by phone M-F 9-5 I think).
.

Swirt is correct. For us, anyway, the weekends are critical times. It makes no sense to provide a service for a specific industry then fail to be available during their normal operational hours.

 

[Red Handed Jill]

Innkeeper friend called last week to get cc numbers for her Webervations that had been masked. Before giving the cc numbers they had to phone the Inn back directly to "make sure it was really them"???
Meanwhile all of my cc numbers have been coming in just fine so why are some masked and some not?.

Meanwhile all of my cc numbers have been coming in just fine so why are some masked and some not?
Because yours was never accessed with an IP address that had not already been used before the phishing scam was attempted. Inns who have been locked are inns where a new ip address has been used since the phishing scam. This means that either the inn has a new ip address (sometimes they change due to your internet service provider) or some unauthorized person is logging into that inn's account with the username and password they got that from the innkeeper because the innkeeper got Phished/fooled into giving it to them.
Calling the inn directly (using the inn's advertised phone number) would really be the only way to verify the person is who they say they are. If the person calling was the phisher, they would have access to all the same account number / username and password so the only way to prevent them from having access would be to call the inn. The phisher can't answer your phone...unless he has you tied up and locked in a closet....in which case you have bigger problems than phishing to worry about.
.

This means that either the inn has a new ip address (sometimes they change due to your internet service provider) or some unauthorized person is logging into that inn's account with the username and password they got that from the innkeeper because the innkeeper got Phished/fooled into giving it to them.

Wait - - we're on the road a lot. I am quite certain that I regularly log in from my sister's house (using my laptop), two different computers in our house (the BnB) and now that I switched to a smart phone...I can log in from TONS of places. Wouldn't all those have differeing IP addresses as well? Surely I'm not the only innkeeper who logs in from remote locations. I may be thinking with blinders on, but it seems to me that's an alternative to the only legitimate log in coming from the physical location of the inn.
We use cloud computing for a reason. This situation won't work for us. I expect I will be one of many calls to Webervations this week. In the mean time, I'm trying to learn what I expect will be our new reservation system.
What really stinks is we prepaid for the year. But if my needs can't be met, I intend to explain in single syllables that losing the balance on our account is a small price to pay to avoid the problems this will cause.

 

[Don Draper]

I am surprised that given the situation, no call in support has been offered over the weekends. Those are pretty critical times..

I think part of the problem is that the Webervations staff is still pretty small (one or two people?) and they are based in Ohio versus B&B.com/Rezovations which are based in Texas. I don't think the Webervations office has the full staff support that the TX office has (although even TX is only available by phone M-F 9-5 I think).
.

Swirt is correct. For us, anyway, the weekends are critical times. It makes no sense to provide a service for a specific industry then fail to be available during their normal operational hours.
.

I totally agree.

 

[Morticia]

Last month a "glitch" in their system let through a last minutes special that never existed! When they were called they had no explaination. Right now I'm in the middle of changing my hosting company, then asta la vista baby!.

BD, did you a pick a new system yet or still looking? I am sorely tempted to switch but hate the thought of the hassle.
.

Rupert, I'm pretty sold on Reservation Key. I'll be calling them this week to ask some specific questions. My biggest concern is if I can get all my previous guest info (Rezo) transferred over. At least their personal info and reservations dates.
.

I really like the look of the RezKey client interaction (as I've seen it on sunshine's and JB's websites), and I really love that you can book more than one room at a time. AND the price is definitely right. My concern is their level of PCI compliance, do they talk about that at all?
.

HOnestly....PCI compliance is there issue...not yours. How are the credit card police going to keep track of all the millions of places that take credit cards? As long as you don't store them on your computer...I would think you are doing your responsibility. Thought just my opinion
.

HOnestly....PCI compliance is there issue...not yours. How are the credit card police going to keep track of all the millions of places that take credit cards? As long as you don't store them on your computer...I would think you are doing your responsibility. Thought just my opinion

When you do the self assessment for PCI compliance, you should verify that the folks who are accepting the guests' info on your behalf are doing something to protect it. Because, ultimately, the onus will fall on the shoulders least able to hire a lawyer.

 

[Don Draper]

Last month a "glitch" in their system let through a last minutes special that never existed! When they were called they had no explaination. Right now I'm in the middle of changing my hosting company, then asta la vista baby!.

BD, did you a pick a new system yet or still looking? I am sorely tempted to switch but hate the thought of the hassle.
.

Rupert, I'm pretty sold on Reservation Key. I'll be calling them this week to ask some specific questions. My biggest concern is if I can get all my previous guest info (Rezo) transferred over. At least their personal info and reservations dates.
.

I really like the look of the RezKey client interaction (as I've seen it on sunshine's and JB's websites), and I really love that you can book more than one room at a time. AND the price is definitely right. My concern is their level of PCI compliance, do they talk about that at all?
.

HOnestly....PCI compliance is there issue...not yours. How are the credit card police going to keep track of all the millions of places that take credit cards? As long as you don't store them on your computer...I would think you are doing your responsibility. Thought just my opinion
.

HOnestly....PCI compliance is there issue...not yours. How are the credit card police going to keep track of all the millions of places that take credit cards? As long as you don't store them on your computer...I would think you are doing your responsibility. Thought just my opinion

When you do the self assessment for PCI compliance, you should verify that the folks who are accepting the guests' info on your behalf are doing something to protect it. Because, ultimately, the onus will fall on the shoulders least able to hire a lawyer.
.

Exactly. I just haven't seen any info from RezKey on this yet...still investigating and will let you all know what I find.

 

[Copperhead]

Last month a "glitch" in their system let through a last minutes special that never existed! When they were called they had no explaination. Right now I'm in the middle of changing my hosting company, then asta la vista baby!.

BD, did you a pick a new system yet or still looking? I am sorely tempted to switch but hate the thought of the hassle.
.

Rupert, I'm pretty sold on Reservation Key. I'll be calling them this week to ask some specific questions. My biggest concern is if I can get all my previous guest info (Rezo) transferred over. At least their personal info and reservations dates.
.

I really like the look of the RezKey client interaction (as I've seen it on sunshine's and JB's websites), and I really love that you can book more than one room at a time. AND the price is definitely right. My concern is their level of PCI compliance, do they talk about that at all?
.

HOnestly....PCI compliance is there issue...not yours. How are the credit card police going to keep track of all the millions of places that take credit cards? As long as you don't store them on your computer...I would think you are doing your responsibility. Thought just my opinion
.

It IS our responsibility as well as the booking system we use to collect the data. My merchant processing company requires me to be PCI compliant. The questionaire includes a question about how the data is stored - if you use a system. (they are all yes no questions but they do ask this in some way)
By placing this on our site, we are accountable!
Think of this as a customer, if you purchased something on line and a week later you find that your card had been compromised - who are going to hold responsible? The store - you would go after the store, the store would then go after their provider. It is a domino.

 

[domsmom]

Innkeeper friend called last week to get cc numbers for her Webervations that had been masked. Before giving the cc numbers they had to phone the Inn back directly to "make sure it was really them"???
Meanwhile all of my cc numbers have been coming in just fine so why are some masked and some not?.

Meanwhile all of my cc numbers have been coming in just fine so why are some masked and some not?
Because yours was never accessed with an IP address that had not already been used before the phishing scam was attempted. Inns who have been locked are inns where a new ip address has been used since the phishing scam. This means that either the inn has a new ip address (sometimes they change due to your internet service provider) or some unauthorized person is logging into that inn's account with the username and password they got that from the innkeeper because the innkeeper got Phished/fooled into giving it to them.
Calling the inn directly (using the inn's advertised phone number) would really be the only way to verify the person is who they say they are. If the person calling was the phisher, they would have access to all the same account number / username and password so the only way to prevent them from having access would be to call the inn. The phisher can't answer your phone...unless he has you tied up and locked in a closet....in which case you have bigger problems than phishing to worry about.
.

This means that either the inn has a new ip address (sometimes they change due to your internet service provider) or some unauthorized person is logging into that inn's account with the username and password they got that from the innkeeper because the innkeeper got Phished/fooled into giving it to them.

Wait - - we're on the road a lot. I am quite certain that I regularly log in from my sister's house (using my laptop), two different computers in our house (the BnB) and now that I switched to a smart phone...I can log in from TONS of places. Wouldn't all those have differeing IP addresses as well? Surely I'm not the only innkeeper who logs in from remote locations. I may be thinking with blinders on, but it seems to me that's an alternative to the only legitimate log in coming from the physical location of the inn.
We use cloud computing for a reason. This situation won't work for us. I expect I will be one of many calls to Webervations this week. In the mean time, I'm trying to learn what I expect will be our new reservation system.
What really stinks is we prepaid for the year. But if my needs can't be met, I intend to explain in single syllables that losing the balance on our account is a small price to pay to avoid the problems this will cause.
.

I also paid for the year and after reading all these posts will be researching alternatives. I figure at least I can keep webervations live while I learn a new system.

 

[swirt]

Innkeeper friend called last week to get cc numbers for her Webervations that had been masked. Before giving the cc numbers they had to phone the Inn back directly to "make sure it was really them"???
Meanwhile all of my cc numbers have been coming in just fine so why are some masked and some not?.

Meanwhile all of my cc numbers have been coming in just fine so why are some masked and some not?
Because yours was never accessed with an IP address that had not already been used before the phishing scam was attempted. Inns who have been locked are inns where a new ip address has been used since the phishing scam. This means that either the inn has a new ip address (sometimes they change due to your internet service provider) or some unauthorized person is logging into that inn's account with the username and password they got that from the innkeeper because the innkeeper got Phished/fooled into giving it to them.
Calling the inn directly (using the inn's advertised phone number) would really be the only way to verify the person is who they say they are. If the person calling was the phisher, they would have access to all the same account number / username and password so the only way to prevent them from having access would be to call the inn. The phisher can't answer your phone...unless he has you tied up and locked in a closet....in which case you have bigger problems than phishing to worry about.
.

Scratching my head here now. - I am no techie by any stretch of the word. I would think that the IP's would be close to being the same anyway???? Am I not right?
Mine were good until today - so all week no problems, then come Sat. - when there is noone to reply to a call, I start having the problem. The IP must be the reason why as I was not contacted nor would I have given out that data to anyone.
I would think that after a week, they should have had a handle on the issue. And they should have had someone on call until the situation is completely resolved. As someone said - Service is just not there.
.

Scratching my head here now. - I am no techie by any stretch of the word. I would think that the IP's would be close to being the same anyway???? Am I not right?

In general, sort of. If my ISP rolls my ip address, it is usually pretty similar to the one I had. However, If I was traveling or using a smart phone, or even using dial up, it is more likely that the ip addresses are not remotely close.
Please keep in mind, I am only speculating on the response as to how phishing attacks are handled/defended. I know of no specific details regarding webervations other than what people have stated here.
Phishing schemes are very difficult to defend against because the person has everything they need in order to log in. The only real defense is to have everyone alter their login credentials (username and password) which is not always an option.

 

[swirt]

Innkeeper friend called last week to get cc numbers for her Webervations that had been masked. Before giving the cc numbers they had to phone the Inn back directly to "make sure it was really them"???
Meanwhile all of my cc numbers have been coming in just fine so why are some masked and some not?.

Meanwhile all of my cc numbers have been coming in just fine so why are some masked and some not?
Because yours was never accessed with an IP address that had not already been used before the phishing scam was attempted. Inns who have been locked are inns where a new ip address has been used since the phishing scam. This means that either the inn has a new ip address (sometimes they change due to your internet service provider) or some unauthorized person is logging into that inn's account with the username and password they got that from the innkeeper because the innkeeper got Phished/fooled into giving it to them.
Calling the inn directly (using the inn's advertised phone number) would really be the only way to verify the person is who they say they are. If the person calling was the phisher, they would have access to all the same account number / username and password so the only way to prevent them from having access would be to call the inn. The phisher can't answer your phone...unless he has you tied up and locked in a closet....in which case you have bigger problems than phishing to worry about.
.

This means that either the inn has a new ip address (sometimes they change due to your internet service provider) or some unauthorized person is logging into that inn's account with the username and password they got that from the innkeeper because the innkeeper got Phished/fooled into giving it to them.

Wait - - we're on the road a lot. I am quite certain that I regularly log in from my sister's house (using my laptop), two different computers in our house (the BnB) and now that I switched to a smart phone...I can log in from TONS of places. Wouldn't all those have differeing IP addresses as well? Surely I'm not the only innkeeper who logs in from remote locations. I may be thinking with blinders on, but it seems to me that's an alternative to the only legitimate log in coming from the physical location of the inn.
We use cloud computing for a reason. This situation won't work for us. I expect I will be one of many calls to Webervations this week. In the mean time, I'm trying to learn what I expect will be our new reservation system.
What really stinks is we prepaid for the year. But if my needs can't be met, I intend to explain in single syllables that losing the balance on our account is a small price to pay to avoid the problems this will cause.
.

Wait - - we're on the road a lot. I am quite certain that I regularly log in from my sister's house (using my laptop), two different computers in our house (the BnB) and now that I switched to a smart phone...I can log in from TONS of places. Wouldn't all those have differeing IP addresses as well? Surely I'm not the only innkeeper who logs in from remote locations. I may be thinking with blinders on, but it seems to me that's an alternative to the only legitimate log in coming from the physical location of the inn.
Again, big disclaimer here, I am only speculating on the nature of their defense, purely from someone with an IT background, not inside info.
Yes you would have a different IP address for all of these locations. IF you had used them before the phishing scheme was launched, then they probably would have been logged in their system and when the phishing scheme was discovered, they probably were used to generate the whitelist. If and only if someone logged in from an ip address not on that list would have triggered the safety net. This defense would not be an always in place kind of thing, it would have only existed in response to discovering a phishing scheme ... like them discovering someone had sent out a bogus email blast asking innkeepers to log into a bogus site.

 

[swirt]

Last month a "glitch" in their system let through a last minutes special that never existed! When they were called they had no explaination. Right now I'm in the middle of changing my hosting company, then asta la vista baby!.

BD, did you a pick a new system yet or still looking? I am sorely tempted to switch but hate the thought of the hassle.
.

Rupert, I'm pretty sold on Reservation Key. I'll be calling them this week to ask some specific questions. My biggest concern is if I can get all my previous guest info (Rezo) transferred over. At least their personal info and reservations dates.
.

I really like the look of the RezKey client interaction (as I've seen it on sunshine's and JB's websites), and I really love that you can book more than one room at a time. AND the price is definitely right. My concern is their level of PCI compliance, do they talk about that at all?
.

HOnestly....PCI compliance is there issue...not yours. How are the credit card police going to keep track of all the millions of places that take credit cards? As long as you don't store them on your computer...I would think you are doing your responsibility. Thought just my opinion
.

HOnestly....PCI compliance is there issue...not yours. How are the credit card police going to keep track of all the millions of places that take credit cards? As long as you don't store them on your computer...I would think you are doing your responsibility. Thought just my opinion

Like Morticia described, compliance rides with both. You have to, when you do your self audit, acknowledge that you either know the provider is compliant or not. If they are not, and you know about it... well that's not good.

 

[JBloggs]

I have requested information on reporting, as well as transferring guest data over to RezKey. I will post on another thread that pertains to this subject.
I did a print screen for one innkeeper to show the reporting avail, but can't post that on here with confidential info and guest names etc on that screen.