Quantcast

Webervations booking problems - just me????

INNspiring.com | Innkeeper Forum & Innkeeping Resources

Help Support INNspiring.com | Innkeeper Forum & Innkeeping Resources:

Copperhead

Well-known member
Joined
Jun 24, 2008
Messages
5,969
Reaction score
0
FYI - If you have not had a reservation via Webervations today, check by making a test reservation from your site.
I had a call a couple of hours ago asking if his reservation had been received. He seemed confused because after he hit submit, it returned to a blank form instead of giving him a message or as he stated - a confirmation number. In checking my email, I have no reservation and in webvations the date and room are still open.
I did a couple of test bookings and no reservation came through...I have an email to Webervations regarding the problem. Will provide info when received.
 

egoodell

Well-known member
Joined
Jun 1, 2008
Messages
3,023
Reaction score
0
Things with Webervations are just not the same as they used to be. There are a number of inns considering swtiching to Availabiltiy Online. Many already use it and recommend it.
This booking system does not yet have the choice of having the room automatically removed when the guest books, which does not matter to me as I don't use that feature because of our tour bookings, but they will be adding it in 30 - 60 days, as they are testing that feature right now.
It uploads to most all management software, and looks affordable to me at $65 or $140 per year - their regular and premium system.
RIki
 

Copperhead

Well-known member
Joined
Jun 24, 2008
Messages
5,969
Reaction score
0
Things with Webervations are just not the same as they used to be. There are a number of inns considering swtiching to Availabiltiy Online. Many already use it and recommend it.
This booking system does not yet have the choice of having the room automatically removed when the guest books, which does not matter to me as I don't use that feature because of our tour bookings, but they will be adding it in 30 - 60 days, as they are testing that feature right now.
It uploads to most all management software, and looks affordable to me at $65 or $140 per year - their regular and premium system.
RIki.
egoodell, no things are not the same BUT I do think that they (bandb) are trying to make the system as secure and PCI compliant as possible where I do think that many of the others are lacking. I will keep my eyes open but at this point I will give them time to get things up to par.
I just wish that bandb would communicate to their customers what and when maintenance will be done so we can be prepared. Email requesting update - 2 hours ago and counting...still no reply! For this I am not happy!
 

egoodell

Well-known member
Joined
Jun 1, 2008
Messages
3,023
Reaction score
0
Things with Webervations are just not the same as they used to be. There are a number of inns considering swtiching to Availabiltiy Online. Many already use it and recommend it.
This booking system does not yet have the choice of having the room automatically removed when the guest books, which does not matter to me as I don't use that feature because of our tour bookings, but they will be adding it in 30 - 60 days, as they are testing that feature right now.
It uploads to most all management software, and looks affordable to me at $65 or $140 per year - their regular and premium system.
RIki.
egoodell, no things are not the same BUT I do think that they (bandb) are trying to make the system as secure and PCI compliant as possible where I do think that many of the others are lacking. I will keep my eyes open but at this point I will give them time to get things up to par.
I just wish that bandb would communicate to their customers what and when maintenance will be done so we can be prepared. Email requesting update - 2 hours ago and counting...still no reply! For this I am not happy!
.
Copperhead said:
egoodell, no things are not the same BUT I do think that they (bandb) are trying to make the system as secure and PCI compliant as possible where I do think that many of the others are lacking. I will keep my eyes open but at this point I will give them time to get things up to par.
I just wish that bandb would communicate to their customers what and when maintenance will be done so we can be prepared. Email requesting update - 2 hours ago and counting...still no reply! For this I am not happy!
That's my point. Used to be we could call Webervations and get a person on the line right away. This other company is answering emails and calls so some of us are liking that.
RIki
 

JBanczak

Well-known member
Joined
Jun 25, 2008
Messages
479
Reaction score
0
Things with Webervations are just not the same as they used to be. There are a number of inns considering swtiching to Availabiltiy Online. Many already use it and recommend it.
This booking system does not yet have the choice of having the room automatically removed when the guest books, which does not matter to me as I don't use that feature because of our tour bookings, but they will be adding it in 30 - 60 days, as they are testing that feature right now.
It uploads to most all management software, and looks affordable to me at $65 or $140 per year - their regular and premium system.
RIki.
egoodell, no things are not the same BUT I do think that they (bandb) are trying to make the system as secure and PCI compliant as possible where I do think that many of the others are lacking. I will keep my eyes open but at this point I will give them time to get things up to par.
I just wish that bandb would communicate to their customers what and when maintenance will be done so we can be prepared. Email requesting update - 2 hours ago and counting...still no reply! For this I am not happy!
.
Copperhead said:
egoodell, no things are not the same BUT I do think that they (bandb) are trying to make the system as secure and PCI compliant as possible where I do think that many of the others are lacking. I will keep my eyes open but at this point I will give them time to get things up to par.
I just wish that bandb would communicate to their customers what and when maintenance will be done so we can be prepared. Email requesting update - 2 hours ago and counting...still no reply! For this I am not happy!
That's my point. Used to be we could call Webervations and get a person on the line right away. This other company is answering emails and calls so some of us are liking that.
RIki
.
egoodell said:
Copperhead said:
egoodell, no things are not the same BUT I do think that they (bandb) are trying to make the system as secure and PCI compliant as possible where I do think that many of the others are lacking. I will keep my eyes open but at this point I will give them time to get things up to par.
I just wish that bandb would communicate to their customers what and when maintenance will be done so we can be prepared. Email requesting update - 2 hours ago and counting...still no reply! For this I am not happy!
That's my point. Used to be we could call Webervations and get a person on the line right away. This other company is answering emails and calls so some of us are liking that.
RIki
Hey guys - we are looking into this right now. I'll let you know what I find out. In terms of service levels - we kept every Webervations employee on staff. It is the same folks you have always dealt with. They are a bit flooded right now because of the confusion over CVV's. As I posted earlier - a LOT of innkeepers are calling in and saying "I don't believe you - if Availabilty Online can store CVV's, why can't you..." Well - because we are following the very explicit rules - that is why!
We put together a comparison document on the two systems in case you are interested to see some of the key feature differences. Tried to put it in a graphic, but a little hard to read:

 

egoodell

Well-known member
Joined
Jun 1, 2008
Messages
3,023
Reaction score
0
Things with Webervations are just not the same as they used to be. There are a number of inns considering swtiching to Availabiltiy Online. Many already use it and recommend it.
This booking system does not yet have the choice of having the room automatically removed when the guest books, which does not matter to me as I don't use that feature because of our tour bookings, but they will be adding it in 30 - 60 days, as they are testing that feature right now.
It uploads to most all management software, and looks affordable to me at $65 or $140 per year - their regular and premium system.
RIki.
egoodell, no things are not the same BUT I do think that they (bandb) are trying to make the system as secure and PCI compliant as possible where I do think that many of the others are lacking. I will keep my eyes open but at this point I will give them time to get things up to par.
I just wish that bandb would communicate to their customers what and when maintenance will be done so we can be prepared. Email requesting update - 2 hours ago and counting...still no reply! For this I am not happy!
.
Copperhead said:
egoodell, no things are not the same BUT I do think that they (bandb) are trying to make the system as secure and PCI compliant as possible where I do think that many of the others are lacking. I will keep my eyes open but at this point I will give them time to get things up to par.
I just wish that bandb would communicate to their customers what and when maintenance will be done so we can be prepared. Email requesting update - 2 hours ago and counting...still no reply! For this I am not happy!
That's my point. Used to be we could call Webervations and get a person on the line right away. This other company is answering emails and calls so some of us are liking that.
RIki
.
egoodell said:
Copperhead said:
egoodell, no things are not the same BUT I do think that they (bandb) are trying to make the system as secure and PCI compliant as possible where I do think that many of the others are lacking. I will keep my eyes open but at this point I will give them time to get things up to par.
I just wish that bandb would communicate to their customers what and when maintenance will be done so we can be prepared. Email requesting update - 2 hours ago and counting...still no reply! For this I am not happy!
That's my point. Used to be we could call Webervations and get a person on the line right away. This other company is answering emails and calls so some of us are liking that.
RIki
Hey guys - we are looking into this right now. I'll let you know what I find out. In terms of service levels - we kept every Webervations employee on staff. It is the same folks you have always dealt with. They are a bit flooded right now because of the confusion over CVV's. As I posted earlier - a LOT of innkeepers are calling in and saying "I don't believe you - if Availabilty Online can store CVV's, why can't you..." Well - because we are following the very explicit rules - that is why!
We put together a comparison document on the two systems in case you are interested to see some of the key feature differences. Tried to put it in a graphic, but a little hard to read:

.
[/quote]
Hey guys - we are looking into this right now. I'll let you know what I find out. In terms of service levels - we kept every Webervations employee on staff. It is the same folks you have always dealt with. They are a bit flooded right now because of the confusion over CVV's. As I posted earlier - a LOT of innkeepers are calling in and saying "I don't believe you - if Availabilty Online can store CVV's, why can't you..." Well - because we are following the very explicit rules - that is why!
We put together a comparison document on the two systems in case you are interested to see some of the key feature differences. Tried to put it in a graphic, but a little hard to read:
[/quote]
Some of these things indicated as not available will be soon. They are testing an upgrade right now.
RIki
 

mooseberry

Well-known member
Joined
Jun 9, 2008
Messages
505
Reaction score
0
I just tried mine and it seemed to work. I did receive my reservation.
HOWEVER......I also noticed that it stated in the fields, where I am asking "How did you find us?" it said trough Bedandbreakfast.com website,
I am very disappointed about his since I went directly to my website and this will only mislead me on seeing where most of my costomers are coming from.
I guess I just have to count the B&B.com website as a google search from now on.
Frustrating.
 

JBanczak

Well-known member
Joined
Jun 25, 2008
Messages
479
Reaction score
0
It sounds like the issue here in the original post has been identified. The test booking being made was using a bogus credit card - and since we do some validatation on the credit card number - the booking was getting kicked-back.
There was a GREAT suggestion to highlight this better - the way Webervations is doing it isn't as clear/obvious as it could be. We put it in as a high priority to improve this hopefully to avoid confusion.
I've heard AO is coming out with some changes. We'll certainly update this when that is the case - I think competition is great for the industry. We've learned a lot about some useful features from competitors of ours, and I'm sure they learn the same from us. Incidentally - I was curious if Availability Online validates the credit card info - so I tested a property. They do not - so any random number will work. Could be something that is being pdated/changed, but another difference to add to the list.
While testing that - for all of you concerned with credit card security - the CVV code on AO is redisplayed as actual text right online on the confirmation screen - again a huge no-no for PCI rules that ultimately properties will be held liable for. I don't mean to go on a witch hunt - but this is something that innkeepers should really be aware of. I certainly would not want to take on that type of liability. This is directly from the PCI website and affects the merchant of record in any data breach (the property):
>Q: What are the penalties for noncompliance?
>A: The payment brands may, at their discretion, fine an acquiring bank $5,000 to $100,000 per month for PCI compliance violations. The banks will most likely pass this fine on downstream till it eventually hits the merchant. Furthermore, the bank will also most likely either terminate your relationship or increase transaction fees. Penalties are not openly discussed nor widely publicized, but they can catastrophic to a small business.
It is important to be familiar with your merchant account agreement, which should outline your exposure.

http://www.practicalecommerce.com/articles/717-Merchants-Liable-For-Data-Breaches

Here is a great article on the impact this can have for small businesses. Mind you - most of these business were using a 3rd party system that they didn't realize was storing sensitive information - yet the small business gets the fine, not the 3rd party...

http://online.wsj.com/article/SB119042666704635941.html?mod=sphere_ts
 

Copperhead

Well-known member
Joined
Jun 24, 2008
Messages
5,969
Reaction score
0
It sounds like the issue here in the original post has been identified. The test booking being made was using a bogus credit card - and since we do some validatation on the credit card number - the booking was getting kicked-back.
There was a GREAT suggestion to highlight this better - the way Webervations is doing it isn't as clear/obvious as it could be. We put it in as a high priority to improve this hopefully to avoid confusion.
I've heard AO is coming out with some changes. We'll certainly update this when that is the case - I think competition is great for the industry. We've learned a lot about some useful features from competitors of ours, and I'm sure they learn the same from us. Incidentally - I was curious if Availability Online validates the credit card info - so I tested a property. They do not - so any random number will work. Could be something that is being pdated/changed, but another difference to add to the list.
While testing that - for all of you concerned with credit card security - the CVV code on AO is redisplayed as actual text right online on the confirmation screen - again a huge no-no for PCI rules that ultimately properties will be held liable for. I don't mean to go on a witch hunt - but this is something that innkeepers should really be aware of. I certainly would not want to take on that type of liability. This is directly from the PCI website and affects the merchant of record in any data breach (the property):
>Q: What are the penalties for noncompliance?
>A: The payment brands may, at their discretion, fine an acquiring bank $5,000 to $100,000 per month for PCI compliance violations. The banks will most likely pass this fine on downstream till it eventually hits the merchant. Furthermore, the bank will also most likely either terminate your relationship or increase transaction fees. Penalties are not openly discussed nor widely publicized, but they can catastrophic to a small business.
It is important to be familiar with your merchant account agreement, which should outline your exposure.

http://www.practicalecommerce.com/articles/717-Merchants-Liable-For-Data-Breaches

Here is a great article on the impact this can have for small businesses. Mind you - most of these business were using a 3rd party system that they didn't realize was storing sensitive information - yet the small business gets the fine, not the 3rd party...

http://online.wsj.com/article/SB119042666704635941.html?mod=sphere_ts.
JBanczak said:
It sounds like the issue here in the original post has been identified. The test booking being made was using a bogus credit card - and since we do some validatation on the credit card number - the booking was getting kicked-back.
There was a GREAT suggestion to highlight this better - the way Webervations is doing it isn't as clear/obvious as it could be. We put it in as a high priority to improve this hopefully to avoid confusion.
John, thanks for responding...I have been tied up all afternoon to deal with this. Yes, after the call from Adam this afternoon we came to the decision that maybe the guest had incorrectly typed in his credit card # and did not receive a FLAG stating to double check the card number. When I made the test requests I used just a string of 16 numbers...it did not provide me with a FLAG either...so I thought the problem was more complex than it was. (or than we think) Adam did make several test reservations and they came through.
I had requested to Adam that a FLAG should be placed for inaccurate card numbers and he said he would place it on the list...I am glad that it will be placed on high priority - THANKS!!!!
Now I do have another matter.... after receiving a good test visa # from Adam, I have done several test reservations and have a BIG bone to pick with bandb. This was touched on by Mooseberry's post... but the matter is much bigger than that...
When I made my test reservations I went DIRECTLY to MY website and clicked on my 'book online' link to webervations.....The guest copy of the reservation went to my personal account - the subject line said : Webervations Request!! from the bedandbreakfast.com Web Site and my B&B email has this: How did you find us: Bedandbreakfast.com Web site -----NO I never went to bedandbreakfast.com to make this test reservation - It was from my OWN site. This give us false information for tracking - and gives the customer a false statement of where they found us. What about the B&B's that use webervations but are NOT listed on banb.com ....
This needs to be corrected ASAP...
 

JBanczak

Well-known member
Joined
Jun 25, 2008
Messages
479
Reaction score
0
It sounds like the issue here in the original post has been identified. The test booking being made was using a bogus credit card - and since we do some validatation on the credit card number - the booking was getting kicked-back.
There was a GREAT suggestion to highlight this better - the way Webervations is doing it isn't as clear/obvious as it could be. We put it in as a high priority to improve this hopefully to avoid confusion.
I've heard AO is coming out with some changes. We'll certainly update this when that is the case - I think competition is great for the industry. We've learned a lot about some useful features from competitors of ours, and I'm sure they learn the same from us. Incidentally - I was curious if Availability Online validates the credit card info - so I tested a property. They do not - so any random number will work. Could be something that is being pdated/changed, but another difference to add to the list.
While testing that - for all of you concerned with credit card security - the CVV code on AO is redisplayed as actual text right online on the confirmation screen - again a huge no-no for PCI rules that ultimately properties will be held liable for. I don't mean to go on a witch hunt - but this is something that innkeepers should really be aware of. I certainly would not want to take on that type of liability. This is directly from the PCI website and affects the merchant of record in any data breach (the property):
>Q: What are the penalties for noncompliance?
>A: The payment brands may, at their discretion, fine an acquiring bank $5,000 to $100,000 per month for PCI compliance violations. The banks will most likely pass this fine on downstream till it eventually hits the merchant. Furthermore, the bank will also most likely either terminate your relationship or increase transaction fees. Penalties are not openly discussed nor widely publicized, but they can catastrophic to a small business.
It is important to be familiar with your merchant account agreement, which should outline your exposure.

http://www.practicalecommerce.com/articles/717-Merchants-Liable-For-Data-Breaches

Here is a great article on the impact this can have for small businesses. Mind you - most of these business were using a 3rd party system that they didn't realize was storing sensitive information - yet the small business gets the fine, not the 3rd party...

http://online.wsj.com/article/SB119042666704635941.html?mod=sphere_ts.
JBanczak said:
It sounds like the issue here in the original post has been identified. The test booking being made was using a bogus credit card - and since we do some validatation on the credit card number - the booking was getting kicked-back.
There was a GREAT suggestion to highlight this better - the way Webervations is doing it isn't as clear/obvious as it could be. We put it in as a high priority to improve this hopefully to avoid confusion.
John, thanks for responding...I have been tied up all afternoon to deal with this. Yes, after the call from Adam this afternoon we came to the decision that maybe the guest had incorrectly typed in his credit card # and did not receive a FLAG stating to double check the card number. When I made the test requests I used just a string of 16 numbers...it did not provide me with a FLAG either...so I thought the problem was more complex than it was. (or than we think) Adam did make several test reservations and they came through.
I had requested to Adam that a FLAG should be placed for inaccurate card numbers and he said he would place it on the list...I am glad that it will be placed on high priority - THANKS!!!!
Now I do have another matter.... after receiving a good test visa # from Adam, I have done several test reservations and have a BIG bone to pick with bandb. This was touched on by Mooseberry's post... but the matter is much bigger than that...
When I made my test reservations I went DIRECTLY to MY website and clicked on my 'book online' link to webervations.....The guest copy of the reservation went to my personal account - the subject line said : Webervations Request!! from the bedandbreakfast.com Web Site and my B&B email has this: How did you find us: Bedandbreakfast.com Web site -----NO I never went to bedandbreakfast.com to make this test reservation - It was from my OWN site. This give us false information for tracking - and gives the customer a false statement of where they found us. What about the B&B's that use webervations but are NOT listed on banb.com ....
This needs to be corrected ASAP...
.
Copperhead said:
JBanczak said:
It sounds like the issue here in the original post has been identified. The test booking being made was using a bogus credit card - and since we do some validatation on the credit card number - the booking was getting kicked-back.
There was a GREAT suggestion to highlight this better - the way Webervations is doing it isn't as clear/obvious as it could be. We put it in as a high priority to improve this hopefully to avoid confusion.
John, thanks for responding...I have been tied up all afternoon to deal with this. Yes, after the call from Adam this afternoon we came to the decision that maybe the guest had incorrectly typed in his credit card # and did not receive a FLAG stating to double check the card number. When I made the test requests I used just a string of 16 numbers...it did not provide me with a FLAG either...so I thought the problem was more complex than it was. (or than we think) Adam did make several test reservations and they came through.
I had requested to Adam that a FLAG should be placed for inaccurate card numbers and he said he would place it on the list...I am glad that it will be placed on high priority - THANKS!!!!
Now I do have another matter.... after receiving a good test visa # from Adam, I have done several test reservations and have a BIG bone to pick with bandb. This was touched on by Mooseberry's post... but the matter is much bigger than that...
When I made my test reservations I went DIRECTLY to MY website and clicked on my 'book online' link to webervations.....The guest copy of the reservation went to my personal account - the subject line said : Webervations Request!! from the bedandbreakfast.com Web Site and my B&B email has this: How did you find us: Bedandbreakfast.com Web site -----NO I never went to bedandbreakfast.com to make this test reservation - It was from my OWN site. This give us false information for tracking - and gives the customer a false statement of where they found us. What about the B&B's that use webervations but are NOT listed on banb.com ....
This needs to be corrected ASAP...
Completely agree - we are already looking into this. Very strange. We are adding even more checks to the data btw over the next few weeks... to validate all kinds of data - and we will be putting in the official checksum on credit cards - all credit cards add up to a specific sum based on a well-known algorithm - so we can at least check to make sure the card is valid in this respect.
 

JBanczak

Well-known member
Joined
Jun 25, 2008
Messages
479
Reaction score
0
It sounds like the issue here in the original post has been identified. The test booking being made was using a bogus credit card - and since we do some validatation on the credit card number - the booking was getting kicked-back.
There was a GREAT suggestion to highlight this better - the way Webervations is doing it isn't as clear/obvious as it could be. We put it in as a high priority to improve this hopefully to avoid confusion.
I've heard AO is coming out with some changes. We'll certainly update this when that is the case - I think competition is great for the industry. We've learned a lot about some useful features from competitors of ours, and I'm sure they learn the same from us. Incidentally - I was curious if Availability Online validates the credit card info - so I tested a property. They do not - so any random number will work. Could be something that is being pdated/changed, but another difference to add to the list.
While testing that - for all of you concerned with credit card security - the CVV code on AO is redisplayed as actual text right online on the confirmation screen - again a huge no-no for PCI rules that ultimately properties will be held liable for. I don't mean to go on a witch hunt - but this is something that innkeepers should really be aware of. I certainly would not want to take on that type of liability. This is directly from the PCI website and affects the merchant of record in any data breach (the property):
>Q: What are the penalties for noncompliance?
>A: The payment brands may, at their discretion, fine an acquiring bank $5,000 to $100,000 per month for PCI compliance violations. The banks will most likely pass this fine on downstream till it eventually hits the merchant. Furthermore, the bank will also most likely either terminate your relationship or increase transaction fees. Penalties are not openly discussed nor widely publicized, but they can catastrophic to a small business.
It is important to be familiar with your merchant account agreement, which should outline your exposure.

http://www.practicalecommerce.com/articles/717-Merchants-Liable-For-Data-Breaches

Here is a great article on the impact this can have for small businesses. Mind you - most of these business were using a 3rd party system that they didn't realize was storing sensitive information - yet the small business gets the fine, not the 3rd party...

http://online.wsj.com/article/SB119042666704635941.html?mod=sphere_ts.
JBanczak said:
It sounds like the issue here in the original post has been identified. The test booking being made was using a bogus credit card - and since we do some validatation on the credit card number - the booking was getting kicked-back.
There was a GREAT suggestion to highlight this better - the way Webervations is doing it isn't as clear/obvious as it could be. We put it in as a high priority to improve this hopefully to avoid confusion.
John, thanks for responding...I have been tied up all afternoon to deal with this. Yes, after the call from Adam this afternoon we came to the decision that maybe the guest had incorrectly typed in his credit card # and did not receive a FLAG stating to double check the card number. When I made the test requests I used just a string of 16 numbers...it did not provide me with a FLAG either...so I thought the problem was more complex than it was. (or than we think) Adam did make several test reservations and they came through.
I had requested to Adam that a FLAG should be placed for inaccurate card numbers and he said he would place it on the list...I am glad that it will be placed on high priority - THANKS!!!!
Now I do have another matter.... after receiving a good test visa # from Adam, I have done several test reservations and have a BIG bone to pick with bandb. This was touched on by Mooseberry's post... but the matter is much bigger than that...
When I made my test reservations I went DIRECTLY to MY website and clicked on my 'book online' link to webervations.....The guest copy of the reservation went to my personal account - the subject line said : Webervations Request!! from the bedandbreakfast.com Web Site and my B&B email has this: How did you find us: Bedandbreakfast.com Web site -----NO I never went to bedandbreakfast.com to make this test reservation - It was from my OWN site. This give us false information for tracking - and gives the customer a false statement of where they found us. What about the B&B's that use webervations but are NOT listed on banb.com ....
This needs to be corrected ASAP...
.
Copperhead said:
JBanczak said:
It sounds like the issue here in the original post has been identified. The test booking being made was using a bogus credit card - and since we do some validatation on the credit card number - the booking was getting kicked-back.
There was a GREAT suggestion to highlight this better - the way Webervations is doing it isn't as clear/obvious as it could be. We put it in as a high priority to improve this hopefully to avoid confusion.
John, thanks for responding...I have been tied up all afternoon to deal with this. Yes, after the call from Adam this afternoon we came to the decision that maybe the guest had incorrectly typed in his credit card # and did not receive a FLAG stating to double check the card number. When I made the test requests I used just a string of 16 numbers...it did not provide me with a FLAG either...so I thought the problem was more complex than it was. (or than we think) Adam did make several test reservations and they came through.
I had requested to Adam that a FLAG should be placed for inaccurate card numbers and he said he would place it on the list...I am glad that it will be placed on high priority - THANKS!!!!
Now I do have another matter.... after receiving a good test visa # from Adam, I have done several test reservations and have a BIG bone to pick with bandb. This was touched on by Mooseberry's post... but the matter is much bigger than that...
When I made my test reservations I went DIRECTLY to MY website and clicked on my 'book online' link to webervations.....The guest copy of the reservation went to my personal account - the subject line said : Webervations Request!! from the bedandbreakfast.com Web Site and my B&B email has this: How did you find us: Bedandbreakfast.com Web site -----NO I never went to bedandbreakfast.com to make this test reservation - It was from my OWN site. This give us false information for tracking - and gives the customer a false statement of where they found us. What about the B&B's that use webervations but are NOT listed on banb.com ....
This needs to be corrected ASAP...
Just got an email back on this. We believe the way David wrote the tracking in Webervations is based on caching the IP address. So - if you visited bb.com last of all the directories that David had written into the system - it would keep that as the last site you visited and show a referral from BB.com. Same goes with BBonline or any of the directories that is hard-coded. It sounds like this has always been the case.
So if you visit BBonline last, then even a week later go make a reservation from the same computer, the referral would show up as BBonline.
Clearly this isn't a great way to do it, but quite frankly, it is unusual for any system to track this type of thing itself. Entire businesses have been built on good web tracking (i.e. Urchin and Google Analytics) with huge teams of programmers trying to get it correct... we will try to figure out how to make it more accurate, but this was something that we inherited with the system, and another thing on a long, long list of items we are trying to improve.
 

mooseberry

Well-known member
Joined
Jun 9, 2008
Messages
505
Reaction score
0
It sounds like the issue here in the original post has been identified. The test booking being made was using a bogus credit card - and since we do some validatation on the credit card number - the booking was getting kicked-back.
There was a GREAT suggestion to highlight this better - the way Webervations is doing it isn't as clear/obvious as it could be. We put it in as a high priority to improve this hopefully to avoid confusion.
I've heard AO is coming out with some changes. We'll certainly update this when that is the case - I think competition is great for the industry. We've learned a lot about some useful features from competitors of ours, and I'm sure they learn the same from us. Incidentally - I was curious if Availability Online validates the credit card info - so I tested a property. They do not - so any random number will work. Could be something that is being pdated/changed, but another difference to add to the list.
While testing that - for all of you concerned with credit card security - the CVV code on AO is redisplayed as actual text right online on the confirmation screen - again a huge no-no for PCI rules that ultimately properties will be held liable for. I don't mean to go on a witch hunt - but this is something that innkeepers should really be aware of. I certainly would not want to take on that type of liability. This is directly from the PCI website and affects the merchant of record in any data breach (the property):
>Q: What are the penalties for noncompliance?
>A: The payment brands may, at their discretion, fine an acquiring bank $5,000 to $100,000 per month for PCI compliance violations. The banks will most likely pass this fine on downstream till it eventually hits the merchant. Furthermore, the bank will also most likely either terminate your relationship or increase transaction fees. Penalties are not openly discussed nor widely publicized, but they can catastrophic to a small business.
It is important to be familiar with your merchant account agreement, which should outline your exposure.

http://www.practicalecommerce.com/articles/717-Merchants-Liable-For-Data-Breaches

Here is a great article on the impact this can have for small businesses. Mind you - most of these business were using a 3rd party system that they didn't realize was storing sensitive information - yet the small business gets the fine, not the 3rd party...

http://online.wsj.com/article/SB119042666704635941.html?mod=sphere_ts.
JBanczak said:
It sounds like the issue here in the original post has been identified. The test booking being made was using a bogus credit card - and since we do some validatation on the credit card number - the booking was getting kicked-back.
There was a GREAT suggestion to highlight this better - the way Webervations is doing it isn't as clear/obvious as it could be. We put it in as a high priority to improve this hopefully to avoid confusion.
John, thanks for responding...I have been tied up all afternoon to deal with this. Yes, after the call from Adam this afternoon we came to the decision that maybe the guest had incorrectly typed in his credit card # and did not receive a FLAG stating to double check the card number. When I made the test requests I used just a string of 16 numbers...it did not provide me with a FLAG either...so I thought the problem was more complex than it was. (or than we think) Adam did make several test reservations and they came through.
I had requested to Adam that a FLAG should be placed for inaccurate card numbers and he said he would place it on the list...I am glad that it will be placed on high priority - THANKS!!!!
Now I do have another matter.... after receiving a good test visa # from Adam, I have done several test reservations and have a BIG bone to pick with bandb. This was touched on by Mooseberry's post... but the matter is much bigger than that...
When I made my test reservations I went DIRECTLY to MY website and clicked on my 'book online' link to webervations.....The guest copy of the reservation went to my personal account - the subject line said : Webervations Request!! from the bedandbreakfast.com Web Site and my B&B email has this: How did you find us: Bedandbreakfast.com Web site -----NO I never went to bedandbreakfast.com to make this test reservation - It was from my OWN site. This give us false information for tracking - and gives the customer a false statement of where they found us. What about the B&B's that use webervations but are NOT listed on banb.com ....
This needs to be corrected ASAP...
.
Copperhead said:
JBanczak said:
It sounds like the issue here in the original post has been identified. The test booking being made was using a bogus credit card - and since we do some validatation on the credit card number - the booking was getting kicked-back.
There was a GREAT suggestion to highlight this better - the way Webervations is doing it isn't as clear/obvious as it could be. We put it in as a high priority to improve this hopefully to avoid confusion.
John, thanks for responding...I have been tied up all afternoon to deal with this. Yes, after the call from Adam this afternoon we came to the decision that maybe the guest had incorrectly typed in his credit card # and did not receive a FLAG stating to double check the card number. When I made the test requests I used just a string of 16 numbers...it did not provide me with a FLAG either...so I thought the problem was more complex than it was. (or than we think) Adam did make several test reservations and they came through.
I had requested to Adam that a FLAG should be placed for inaccurate card numbers and he said he would place it on the list...I am glad that it will be placed on high priority - THANKS!!!!
Now I do have another matter.... after receiving a good test visa # from Adam, I have done several test reservations and have a BIG bone to pick with bandb. This was touched on by Mooseberry's post... but the matter is much bigger than that...
When I made my test reservations I went DIRECTLY to MY website and clicked on my 'book online' link to webervations.....The guest copy of the reservation went to my personal account - the subject line said : Webervations Request!! from the bedandbreakfast.com Web Site and my B&B email has this: How did you find us: Bedandbreakfast.com Web site -----NO I never went to bedandbreakfast.com to make this test reservation - It was from my OWN site. This give us false information for tracking - and gives the customer a false statement of where they found us. What about the B&B's that use webervations but are NOT listed on banb.com ....
This needs to be corrected ASAP...
Just got an email back on this. We believe the way David wrote the tracking in Webervations is based on caching the IP address. So - if you visited bb.com last of all the directories that David had written into the system - it would keep that as the last site you visited and show a referral from BB.com. Same goes with BBonline or any of the directories that is hard-coded. It sounds like this has always been the case.
So if you visit BBonline last, then even a week later go make a reservation from the same computer, the referral would show up as BBonline.
Clearly this isn't a great way to do it, but quite frankly, it is unusual for any system to track this type of thing itself. Entire businesses have been built on good web tracking (i.e. Urchin and Google Analytics) with huge teams of programmers trying to get it correct... we will try to figure out how to make it more accurate, but this was something that we inherited with the system, and another thing on a long, long list of items we are trying to improve.
.
Thank you.
I can definately see that you all are working hard to correct problems and try to give us the best system possible.
 

Suzie Q

Well-known member
Joined
May 30, 2008
Messages
428
Reaction score
0
OK, on my credit card system, if I don't have the CVV, I can't enforce the reservation. I might as well not have the cc number, either. Do ya'll call the customer, email the customer, to get the CVV number, or not worry about it? I've had to enforce the early cancellation fee a few times. Thanks!
 

JBanczak

Well-known member
Joined
Jun 25, 2008
Messages
479
Reaction score
0
It sounds like the issue here in the original post has been identified. The test booking being made was using a bogus credit card - and since we do some validatation on the credit card number - the booking was getting kicked-back.
There was a GREAT suggestion to highlight this better - the way Webervations is doing it isn't as clear/obvious as it could be. We put it in as a high priority to improve this hopefully to avoid confusion.
I've heard AO is coming out with some changes. We'll certainly update this when that is the case - I think competition is great for the industry. We've learned a lot about some useful features from competitors of ours, and I'm sure they learn the same from us. Incidentally - I was curious if Availability Online validates the credit card info - so I tested a property. They do not - so any random number will work. Could be something that is being pdated/changed, but another difference to add to the list.
While testing that - for all of you concerned with credit card security - the CVV code on AO is redisplayed as actual text right online on the confirmation screen - again a huge no-no for PCI rules that ultimately properties will be held liable for. I don't mean to go on a witch hunt - but this is something that innkeepers should really be aware of. I certainly would not want to take on that type of liability. This is directly from the PCI website and affects the merchant of record in any data breach (the property):
>Q: What are the penalties for noncompliance?
>A: The payment brands may, at their discretion, fine an acquiring bank $5,000 to $100,000 per month for PCI compliance violations. The banks will most likely pass this fine on downstream till it eventually hits the merchant. Furthermore, the bank will also most likely either terminate your relationship or increase transaction fees. Penalties are not openly discussed nor widely publicized, but they can catastrophic to a small business.
It is important to be familiar with your merchant account agreement, which should outline your exposure.

http://www.practicalecommerce.com/articles/717-Merchants-Liable-For-Data-Breaches

Here is a great article on the impact this can have for small businesses. Mind you - most of these business were using a 3rd party system that they didn't realize was storing sensitive information - yet the small business gets the fine, not the 3rd party...

http://online.wsj.com/article/SB119042666704635941.html?mod=sphere_ts.
JBanczak said:
It sounds like the issue here in the original post has been identified. The test booking being made was using a bogus credit card - and since we do some validatation on the credit card number - the booking was getting kicked-back.
There was a GREAT suggestion to highlight this better - the way Webervations is doing it isn't as clear/obvious as it could be. We put it in as a high priority to improve this hopefully to avoid confusion.
John, thanks for responding...I have been tied up all afternoon to deal with this. Yes, after the call from Adam this afternoon we came to the decision that maybe the guest had incorrectly typed in his credit card # and did not receive a FLAG stating to double check the card number. When I made the test requests I used just a string of 16 numbers...it did not provide me with a FLAG either...so I thought the problem was more complex than it was. (or than we think) Adam did make several test reservations and they came through.
I had requested to Adam that a FLAG should be placed for inaccurate card numbers and he said he would place it on the list...I am glad that it will be placed on high priority - THANKS!!!!
Now I do have another matter.... after receiving a good test visa # from Adam, I have done several test reservations and have a BIG bone to pick with bandb. This was touched on by Mooseberry's post... but the matter is much bigger than that...
When I made my test reservations I went DIRECTLY to MY website and clicked on my 'book online' link to webervations.....The guest copy of the reservation went to my personal account - the subject line said : Webervations Request!! from the bedandbreakfast.com Web Site and my B&B email has this: How did you find us: Bedandbreakfast.com Web site -----NO I never went to bedandbreakfast.com to make this test reservation - It was from my OWN site. This give us false information for tracking - and gives the customer a false statement of where they found us. What about the B&B's that use webervations but are NOT listed on banb.com ....
This needs to be corrected ASAP...
.
Copperhead said:
JBanczak said:
It sounds like the issue here in the original post has been identified. The test booking being made was using a bogus credit card - and since we do some validatation on the credit card number - the booking was getting kicked-back.
There was a GREAT suggestion to highlight this better - the way Webervations is doing it isn't as clear/obvious as it could be. We put it in as a high priority to improve this hopefully to avoid confusion.
John, thanks for responding...I have been tied up all afternoon to deal with this. Yes, after the call from Adam this afternoon we came to the decision that maybe the guest had incorrectly typed in his credit card # and did not receive a FLAG stating to double check the card number. When I made the test requests I used just a string of 16 numbers...it did not provide me with a FLAG either...so I thought the problem was more complex than it was. (or than we think) Adam did make several test reservations and they came through.
I had requested to Adam that a FLAG should be placed for inaccurate card numbers and he said he would place it on the list...I am glad that it will be placed on high priority - THANKS!!!!
Now I do have another matter.... after receiving a good test visa # from Adam, I have done several test reservations and have a BIG bone to pick with bandb. This was touched on by Mooseberry's post... but the matter is much bigger than that...
When I made my test reservations I went DIRECTLY to MY website and clicked on my 'book online' link to webervations.....The guest copy of the reservation went to my personal account - the subject line said : Webervations Request!! from the bedandbreakfast.com Web Site and my B&B email has this: How did you find us: Bedandbreakfast.com Web site -----NO I never went to bedandbreakfast.com to make this test reservation - It was from my OWN site. This give us false information for tracking - and gives the customer a false statement of where they found us. What about the B&B's that use webervations but are NOT listed on banb.com ....
This needs to be corrected ASAP...
Just got an email back on this. We believe the way David wrote the tracking in Webervations is based on caching the IP address. So - if you visited bb.com last of all the directories that David had written into the system - it would keep that as the last site you visited and show a referral from BB.com. Same goes with BBonline or any of the directories that is hard-coded. It sounds like this has always been the case.
So if you visit BBonline last, then even a week later go make a reservation from the same computer, the referral would show up as BBonline.
Clearly this isn't a great way to do it, but quite frankly, it is unusual for any system to track this type of thing itself. Entire businesses have been built on good web tracking (i.e. Urchin and Google Analytics) with huge teams of programmers trying to get it correct... we will try to figure out how to make it more accurate, but this was something that we inherited with the system, and another thing on a long, long list of items we are trying to improve.
.
Thank you.
I can definately see that you all are working hard to correct problems and try to give us the best system possible.
.
Mooseberry Inn said:
Thank you.
I can definately see that you all are working hard to correct problems and try to give us the best system possible.
Thank you - it is nice to hear that. Personally I'd give my team an A+ for effort - our employees really are dedicated. Folks work here 7 days/week, often around the clock, and they truly strive to do the best by the properties.
But results count - and we still have some work to do to earn an A there.
 

Copperhead

Well-known member
Joined
Jun 24, 2008
Messages
5,969
Reaction score
0
It sounds like the issue here in the original post has been identified. The test booking being made was using a bogus credit card - and since we do some validatation on the credit card number - the booking was getting kicked-back.
There was a GREAT suggestion to highlight this better - the way Webervations is doing it isn't as clear/obvious as it could be. We put it in as a high priority to improve this hopefully to avoid confusion.
I've heard AO is coming out with some changes. We'll certainly update this when that is the case - I think competition is great for the industry. We've learned a lot about some useful features from competitors of ours, and I'm sure they learn the same from us. Incidentally - I was curious if Availability Online validates the credit card info - so I tested a property. They do not - so any random number will work. Could be something that is being pdated/changed, but another difference to add to the list.
While testing that - for all of you concerned with credit card security - the CVV code on AO is redisplayed as actual text right online on the confirmation screen - again a huge no-no for PCI rules that ultimately properties will be held liable for. I don't mean to go on a witch hunt - but this is something that innkeepers should really be aware of. I certainly would not want to take on that type of liability. This is directly from the PCI website and affects the merchant of record in any data breach (the property):
>Q: What are the penalties for noncompliance?
>A: The payment brands may, at their discretion, fine an acquiring bank $5,000 to $100,000 per month for PCI compliance violations. The banks will most likely pass this fine on downstream till it eventually hits the merchant. Furthermore, the bank will also most likely either terminate your relationship or increase transaction fees. Penalties are not openly discussed nor widely publicized, but they can catastrophic to a small business.
It is important to be familiar with your merchant account agreement, which should outline your exposure.

http://www.practicalecommerce.com/articles/717-Merchants-Liable-For-Data-Breaches

Here is a great article on the impact this can have for small businesses. Mind you - most of these business were using a 3rd party system that they didn't realize was storing sensitive information - yet the small business gets the fine, not the 3rd party...

http://online.wsj.com/article/SB119042666704635941.html?mod=sphere_ts.
JBanczak said:
It sounds like the issue here in the original post has been identified. The test booking being made was using a bogus credit card - and since we do some validatation on the credit card number - the booking was getting kicked-back.
There was a GREAT suggestion to highlight this better - the way Webervations is doing it isn't as clear/obvious as it could be. We put it in as a high priority to improve this hopefully to avoid confusion.
John, thanks for responding...I have been tied up all afternoon to deal with this. Yes, after the call from Adam this afternoon we came to the decision that maybe the guest had incorrectly typed in his credit card # and did not receive a FLAG stating to double check the card number. When I made the test requests I used just a string of 16 numbers...it did not provide me with a FLAG either...so I thought the problem was more complex than it was. (or than we think) Adam did make several test reservations and they came through.
I had requested to Adam that a FLAG should be placed for inaccurate card numbers and he said he would place it on the list...I am glad that it will be placed on high priority - THANKS!!!!
Now I do have another matter.... after receiving a good test visa # from Adam, I have done several test reservations and have a BIG bone to pick with bandb. This was touched on by Mooseberry's post... but the matter is much bigger than that...
When I made my test reservations I went DIRECTLY to MY website and clicked on my 'book online' link to webervations.....The guest copy of the reservation went to my personal account - the subject line said : Webervations Request!! from the bedandbreakfast.com Web Site and my B&B email has this: How did you find us: Bedandbreakfast.com Web site -----NO I never went to bedandbreakfast.com to make this test reservation - It was from my OWN site. This give us false information for tracking - and gives the customer a false statement of where they found us. What about the B&B's that use webervations but are NOT listed on banb.com ....
This needs to be corrected ASAP...
.
Copperhead said:
JBanczak said:
It sounds like the issue here in the original post has been identified. The test booking being made was using a bogus credit card - and since we do some validatation on the credit card number - the booking was getting kicked-back.
There was a GREAT suggestion to highlight this better - the way Webervations is doing it isn't as clear/obvious as it could be. We put it in as a high priority to improve this hopefully to avoid confusion.
John, thanks for responding...I have been tied up all afternoon to deal with this. Yes, after the call from Adam this afternoon we came to the decision that maybe the guest had incorrectly typed in his credit card # and did not receive a FLAG stating to double check the card number. When I made the test requests I used just a string of 16 numbers...it did not provide me with a FLAG either...so I thought the problem was more complex than it was. (or than we think) Adam did make several test reservations and they came through.
I had requested to Adam that a FLAG should be placed for inaccurate card numbers and he said he would place it on the list...I am glad that it will be placed on high priority - THANKS!!!!
Now I do have another matter.... after receiving a good test visa # from Adam, I have done several test reservations and have a BIG bone to pick with bandb. This was touched on by Mooseberry's post... but the matter is much bigger than that...
When I made my test reservations I went DIRECTLY to MY website and clicked on my 'book online' link to webervations.....The guest copy of the reservation went to my personal account - the subject line said : Webervations Request!! from the bedandbreakfast.com Web Site and my B&B email has this: How did you find us: Bedandbreakfast.com Web site -----NO I never went to bedandbreakfast.com to make this test reservation - It was from my OWN site. This give us false information for tracking - and gives the customer a false statement of where they found us. What about the B&B's that use webervations but are NOT listed on banb.com ....
This needs to be corrected ASAP...
Just got an email back on this. We believe the way David wrote the tracking in Webervations is based on caching the IP address. So - if you visited bb.com last of all the directories that David had written into the system - it would keep that as the last site you visited and show a referral from BB.com. Same goes with BBonline or any of the directories that is hard-coded. It sounds like this has always been the case.
So if you visit BBonline last, then even a week later go make a reservation from the same computer, the referral would show up as BBonline.
Clearly this isn't a great way to do it, but quite frankly, it is unusual for any system to track this type of thing itself. Entire businesses have been built on good web tracking (i.e. Urchin and Google Analytics) with huge teams of programmers trying to get it correct... we will try to figure out how to make it more accurate, but this was something that we inherited with the system, and another thing on a long, long list of items we are trying to improve.
.
JBanczak said:
Copperhead said:
Now I do have another matter.... after receiving a good test visa # from Adam, I have done several test reservations and have a BIG bone to pick with bandb. This was touched on by Mooseberry's post... but the matter is much bigger than that...
When I made my test reservations I went DIRECTLY to MY website and clicked on my 'book online' link to webervations.....The guest copy of the reservation went to my personal account - the subject line said : Webervations Request!! from the bedandbreakfast.com Web Site and my B&B email has this: How did you find us: Bedandbreakfast.com Web site -----NO I never went to bedandbreakfast.com to make this test reservation - It was from my OWN site. This give us false information for tracking - and gives the customer a false statement of where they found us. What about the B&B's that use webervations but are NOT listed on banb.com ....
This needs to be corrected ASAP...
Just got an email back on this. We believe the way David wrote the tracking in Webervations is based on caching the IP address. So - if you visited bb.com last of all the directories that David had written into the system - it would keep that as the last site you visited and show a referral from BB.com. Same goes with BBonline or any of the directories that is hard-coded. It sounds like this has always been the case.
So if you visit BBonline last, then even a week later go make a reservation from the same computer, the referral would show up as BBonline.
Clearly this isn't a great way to do it, but quite frankly, it is unusual for any system to track this type of thing itself. Entire businesses have been built on good web tracking (i.e. Urchin and Google Analytics) with huge teams of programmers trying to get it correct... we will try to figure out how to make it more accurate, but this was something that we inherited with the system, and another thing on a long, long list of items we are trying to improve.
I do appreciate the promptness and the professional way in which my probem and the conserns I have with the system are being addressed. (Please pass this on to Adam as well). I do understand that there is a learning curve in taking over someone elses system and that you are addressing and correcting many security issues that in effect are for the best ofr all of us - you as owners of the system, the innkeepers as your customers and our guests whos data you are protecting by taking these measures. We can not expect this all to be handled overnight or with out glitches.
Now I am Just curious - What was the tracking if the IP address had NOT visited a directory? I never recall any of my tests (before bandb took over) ever sending an email that included anything regarding the directory in the subject line only the words - 'Webervation Request'. This must have been an addition made since the purchase - most likely recently as I have not noticed this before.
John, prior to sending this off I did another test reservation, but prior to that I went to bbonline and looked around a bit. The reservation email to my personal address (as the guest) has the same - as I stated before in the subject: Webervations Request! from the bedandbreakfast.com web site. and in the body of the email it says How did you find us: bedandbreakfast.com web site. (with active link) So, if it was tracking by my IP address with the last directory that my IP visited, it should have said bbonline! NOW, my Business email receipt of the request has all the guest email data (Including the how you found us and the link to bandb.com) but under the innkeeper portion, it states the customer found us though our own website!
John, just to be honest here, I would prefer not having any tracking than to provide the guest and/or the innkeeper false information. If that can not be corrected quickly, it would be best (IMO) to remove any tracking until it can be corrected.
 

Copperhead

Well-known member
Joined
Jun 24, 2008
Messages
5,969
Reaction score
0
OK, on my credit card system, if I don't have the CVV, I can't enforce the reservation. I might as well not have the cc number, either. Do ya'll call the customer, email the customer, to get the CVV number, or not worry about it? I've had to enforce the early cancellation fee a few times. Thanks!.
remnjava said:
OK, on my credit card system, if I don't have the CVV, I can't enforce the reservation. I might as well not have the cc number, either. Do ya'll call the customer, email the customer, to get the CVV number, or not worry about it? I've had to enforce the early cancellation fee a few times. Thanks!
My system has never requested the CVV, only validating the address and zip. If my system did require the CVV, I would read the articles John has placed in his post (so I would be educated on the subject) then contact my processor to discuss this matter.
I am sure your processor is not the only one currently asking for this data, as since this topic 1st was addressed on this forum (another thead), I have made 4-5 purchases where several requested the CVV. Given I do not usually make that many online purchases in such a short time, It seems to me that likely there are more systems that DO require the CVV than do not. (that of course does not make them right or in compliance - just address that there is a long way to go for compliance to be the norm).
 

Suzie Q

Well-known member
Joined
May 30, 2008
Messages
428
Reaction score
0
OK, on my credit card system, if I don't have the CVV, I can't enforce the reservation. I might as well not have the cc number, either. Do ya'll call the customer, email the customer, to get the CVV number, or not worry about it? I've had to enforce the early cancellation fee a few times. Thanks!.
remnjava said:
OK, on my credit card system, if I don't have the CVV, I can't enforce the reservation. I might as well not have the cc number, either. Do ya'll call the customer, email the customer, to get the CVV number, or not worry about it? I've had to enforce the early cancellation fee a few times. Thanks!
My system has never requested the CVV, only validating the address and zip. If my system did require the CVV, I would read the articles John has placed in his post (so I would be educated on the subject) then contact my processor to discuss this matter.
I am sure your processor is not the only one currently asking for this data, as since this topic 1st was addressed on this forum (another thead), I have made 4-5 purchases where several requested the CVV. Given I do not usually make that many online purchases in such a short time, It seems to me that likely there are more systems that DO require the CVV than do not. (that of course does not make them right or in compliance - just address that there is a long way to go for compliance to be the norm).
.
Yes, I am aware that services such as Webervations can no longer store the CVVs. Maybe I will email my processor to see if that requirement can be altered in the future. Currently I validate the street address, CVV and zip code.
 

gillumhouse

Moderator
Staff member
Moderator
Supporting Member
Joined
May 22, 2008
Messages
15,518
Reaction score
77
It sounds like the issue here in the original post has been identified. The test booking being made was using a bogus credit card - and since we do some validatation on the credit card number - the booking was getting kicked-back.
There was a GREAT suggestion to highlight this better - the way Webervations is doing it isn't as clear/obvious as it could be. We put it in as a high priority to improve this hopefully to avoid confusion.
I've heard AO is coming out with some changes. We'll certainly update this when that is the case - I think competition is great for the industry. We've learned a lot about some useful features from competitors of ours, and I'm sure they learn the same from us. Incidentally - I was curious if Availability Online validates the credit card info - so I tested a property. They do not - so any random number will work. Could be something that is being pdated/changed, but another difference to add to the list.
While testing that - for all of you concerned with credit card security - the CVV code on AO is redisplayed as actual text right online on the confirmation screen - again a huge no-no for PCI rules that ultimately properties will be held liable for. I don't mean to go on a witch hunt - but this is something that innkeepers should really be aware of. I certainly would not want to take on that type of liability. This is directly from the PCI website and affects the merchant of record in any data breach (the property):
>Q: What are the penalties for noncompliance?
>A: The payment brands may, at their discretion, fine an acquiring bank $5,000 to $100,000 per month for PCI compliance violations. The banks will most likely pass this fine on downstream till it eventually hits the merchant. Furthermore, the bank will also most likely either terminate your relationship or increase transaction fees. Penalties are not openly discussed nor widely publicized, but they can catastrophic to a small business.
It is important to be familiar with your merchant account agreement, which should outline your exposure.

http://www.practicalecommerce.com/articles/717-Merchants-Liable-For-Data-Breaches

Here is a great article on the impact this can have for small businesses. Mind you - most of these business were using a 3rd party system that they didn't realize was storing sensitive information - yet the small business gets the fine, not the 3rd party...

http://online.wsj.com/article/SB119042666704635941.html?mod=sphere_ts.
JBanczak said:
It sounds like the issue here in the original post has been identified. The test booking being made was using a bogus credit card - and since we do some validatation on the credit card number - the booking was getting kicked-back.
There was a GREAT suggestion to highlight this better - the way Webervations is doing it isn't as clear/obvious as it could be. We put it in as a high priority to improve this hopefully to avoid confusion.
John, thanks for responding...I have been tied up all afternoon to deal with this. Yes, after the call from Adam this afternoon we came to the decision that maybe the guest had incorrectly typed in his credit card # and did not receive a FLAG stating to double check the card number. When I made the test requests I used just a string of 16 numbers...it did not provide me with a FLAG either...so I thought the problem was more complex than it was. (or than we think) Adam did make several test reservations and they came through.
I had requested to Adam that a FLAG should be placed for inaccurate card numbers and he said he would place it on the list...I am glad that it will be placed on high priority - THANKS!!!!
Now I do have another matter.... after receiving a good test visa # from Adam, I have done several test reservations and have a BIG bone to pick with bandb. This was touched on by Mooseberry's post... but the matter is much bigger than that...
When I made my test reservations I went DIRECTLY to MY website and clicked on my 'book online' link to webervations.....The guest copy of the reservation went to my personal account - the subject line said : Webervations Request!! from the bedandbreakfast.com Web Site and my B&B email has this: How did you find us: Bedandbreakfast.com Web site -----NO I never went to bedandbreakfast.com to make this test reservation - It was from my OWN site. This give us false information for tracking - and gives the customer a false statement of where they found us. What about the B&B's that use webervations but are NOT listed on banb.com ....
This needs to be corrected ASAP...
.
Copperhead said:
JBanczak said:
It sounds like the issue here in the original post has been identified. The test booking being made was using a bogus credit card - and since we do some validatation on the credit card number - the booking was getting kicked-back.
There was a GREAT suggestion to highlight this better - the way Webervations is doing it isn't as clear/obvious as it could be. We put it in as a high priority to improve this hopefully to avoid confusion.
John, thanks for responding...I have been tied up all afternoon to deal with this. Yes, after the call from Adam this afternoon we came to the decision that maybe the guest had incorrectly typed in his credit card # and did not receive a FLAG stating to double check the card number. When I made the test requests I used just a string of 16 numbers...it did not provide me with a FLAG either...so I thought the problem was more complex than it was. (or than we think) Adam did make several test reservations and they came through.
I had requested to Adam that a FLAG should be placed for inaccurate card numbers and he said he would place it on the list...I am glad that it will be placed on high priority - THANKS!!!!
Now I do have another matter.... after receiving a good test visa # from Adam, I have done several test reservations and have a BIG bone to pick with bandb. This was touched on by Mooseberry's post... but the matter is much bigger than that...
When I made my test reservations I went DIRECTLY to MY website and clicked on my 'book online' link to webervations.....The guest copy of the reservation went to my personal account - the subject line said : Webervations Request!! from the bedandbreakfast.com Web Site and my B&B email has this: How did you find us: Bedandbreakfast.com Web site -----NO I never went to bedandbreakfast.com to make this test reservation - It was from my OWN site. This give us false information for tracking - and gives the customer a false statement of where they found us. What about the B&B's that use webervations but are NOT listed on banb.com ....
This needs to be corrected ASAP...
Just got an email back on this. We believe the way David wrote the tracking in Webervations is based on caching the IP address. So - if you visited bb.com last of all the directories that David had written into the system - it would keep that as the last site you visited and show a referral from BB.com. Same goes with BBonline or any of the directories that is hard-coded. It sounds like this has always been the case.
So if you visit BBonline last, then even a week later go make a reservation from the same computer, the referral would show up as BBonline.
Clearly this isn't a great way to do it, but quite frankly, it is unusual for any system to track this type of thing itself. Entire businesses have been built on good web tracking (i.e. Urchin and Google Analytics) with huge teams of programmers trying to get it correct... we will try to figure out how to make it more accurate, but this was something that we inherited with the system, and another thing on a long, long list of items we are trying to improve.
.
JBanczak said:
Copperhead said:
Now I do have another matter.... after receiving a good test visa # from Adam, I have done several test reservations and have a BIG bone to pick with bandb. This was touched on by Mooseberry's post... but the matter is much bigger than that...
When I made my test reservations I went DIRECTLY to MY website and clicked on my 'book online' link to webervations.....The guest copy of the reservation went to my personal account - the subject line said : Webervations Request!! from the bedandbreakfast.com Web Site and my B&B email has this: How did you find us: Bedandbreakfast.com Web site -----NO I never went to bedandbreakfast.com to make this test reservation - It was from my OWN site. This give us false information for tracking - and gives the customer a false statement of where they found us. What about the B&B's that use webervations but are NOT listed on banb.com ....
This needs to be corrected ASAP...
Just got an email back on this. We believe the way David wrote the tracking in Webervations is based on caching the IP address. So - if you visited bb.com last of all the directories that David had written into the system - it would keep that as the last site you visited and show a referral from BB.com. Same goes with BBonline or any of the directories that is hard-coded. It sounds like this has always been the case.
So if you visit BBonline last, then even a week later go make a reservation from the same computer, the referral would show up as BBonline.
Clearly this isn't a great way to do it, but quite frankly, it is unusual for any system to track this type of thing itself. Entire businesses have been built on good web tracking (i.e. Urchin and Google Analytics) with huge teams of programmers trying to get it correct... we will try to figure out how to make it more accurate, but this was something that we inherited with the system, and another thing on a long, long list of items we are trying to improve.
I do appreciate the promptness and the professional way in which my probem and the conserns I have with the system are being addressed. (Please pass this on to Adam as well). I do understand that there is a learning curve in taking over someone elses system and that you are addressing and correcting many security issues that in effect are for the best ofr all of us - you as owners of the system, the innkeepers as your customers and our guests whos data you are protecting by taking these measures. We can not expect this all to be handled overnight or with out glitches.
Now I am Just curious - What was the tracking if the IP address had NOT visited a directory? I never recall any of my tests (before bandb took over) ever sending an email that included anything regarding the directory in the subject line only the words - 'Webervation Request'. This must have been an addition made since the purchase - most likely recently as I have not noticed this before.
John, prior to sending this off I did another test reservation, but prior to that I went to bbonline and looked around a bit. The reservation email to my personal address (as the guest) has the same - as I stated before in the subject: Webervations Request! from the bedandbreakfast.com web site. and in the body of the email it says How did you find us: bedandbreakfast.com web site. (with active link) So, if it was tracking by my IP address with the last directory that my IP visited, it should have said bbonline! NOW, my Business email receipt of the request has all the guest email data (Including the how you found us and the link to bandb.com) but under the innkeeper portion, it states the customer found us though our own website!
John, just to be honest here, I would prefer not having any tracking than to provide the guest and/or the innkeeper false information. If that can not be corrected quickly, it would be best (IMO) to remove any tracking until it can be corrected.
.
I just went back and checked. I got a webervations reservation this morning and there was nothing on it about bandb - the tracking said mywebsite.com and nothing else. I have weberv 1.0 and do not take cc # online as I do not want it anywhere I can get nailed. I call and take it on paper.
 

JunieBJones (JBJ)

Well-known member
Joined
May 22, 2008
Messages
3,893
Reaction score
0
John Wrote: So if you visit BBonline last, then even a week later go make a reservation from the same computer, the referral would show up as BBonlin
Thank you for clearing this up, I do get this with BBONLINE in the subject line as well. If they found us there, then that is fine. I thought it was a temp glitch and didn't interfere with the booking, so I never mentioned it.
 
Top