Yes as I said, I have had 2-3 no-shows in 10 years..but once this policy is commonly known to the public, what difference do you think it will have on the traveler? As of now, we all have policies in place and have had a way to charge IF need be. Having the card on file has been a reassurance for me as well as the guest regarding that room for those dates.Bree said:
Well, there are obviously snafus in this requirement for all online credit card purchasing. Every single time I purchase online, I've had to enter the V-code. It is a security check for the purchaser that you have the actual card in hand. So, this makes no sense to me at all. If the data is encrypted, there should not be an issue. I think that they are spinning their wheels on this and one hand doesn't know what the other hand is doing. I will agree that there are rez systems that need to update in order to make it easier for you to delete cc info once the card is processed and payment is received by the merchant. Meanwhile, if you have one of the web-based systems, that information is stored on someone else's server and if it's a better one, it's encrypted. Why don't we just stop accepting credit cards and only take cash?
Well, there are obviously snafus in this requirement for all online credit card purchasing. Every single time I purchase online, I've had to enter the V-code. It is a security check for the purchaser that you have the actual card in hand. So, this makes no sense to me at all. If the data is encrypted, there should not be an issue. I think that they are spinning their wheels on this and one hand doesn't know what the other hand is doing. I will agree that there are rez systems that need to update in order to make it easier for you to delete cc info once the card is processed and payment is received by the merchant. Meanwhile, if you have one of the web-based systems, that information is stored on someone else's server and if it's a better one, it's encrypted. Why don't we just stop accepting credit cards and only take cash?
.
There is no doubt on storing CVV - it can be used in the transaction, but it cannot be kept on a server on file - period. Visa and PCI rules are crystal clear on this - it is one of the main questions even in a self-audit. Any system that stores this is not PCI compliant.Samster said:Well, there are obviously snafus in this requirement for all online credit card purchasing. Every single time I purchase online, I've had to enter the V-code. It is a security check for the purchaser that you have the actual card in hand. So, this makes no sense to me at all. If the data is encrypted, there should not be an issue. I think that they are spinning their wheels on this and one hand doesn't know what the other hand is doing. I will agree that there are rez systems that need to update in order to make it easier for you to delete cc info once the card is processed and payment is received by the merchant. Meanwhile, if you have one of the web-based systems, that information is stored on someone else's server and if it's a better one, it's encrypted. Why don't we just stop accepting credit cards and only take cash?
If I recall Bree, we had talked about this before and I believe you also went through the important step of making sure you were PCI compliant - because the insurance only covers you for the audit if you are compliant.Bree said:
Well, then there are numerous people out there that are non-compliant, I'm sure. And to play the Devil's Advocate here, I see no difference in keeping credit card info before the date of reservation for months on end vs. afterwards when it comes right down to it! Jeez....Well, there are obviously snafus in this requirement for all online credit card purchasing. Every single time I purchase online, I've had to enter the V-code. It is a security check for the purchaser that you have the actual card in hand. So, this makes no sense to me at all. If the data is encrypted, there should not be an issue. I think that they are spinning their wheels on this and one hand doesn't know what the other hand is doing. I will agree that there are rez systems that need to update in order to make it easier for you to delete cc info once the card is processed and payment is received by the merchant. Meanwhile, if you have one of the web-based systems, that information is stored on someone else's server and if it's a better one, it's encrypted. Why don't we just stop accepting credit cards and only take cash?
.There is no doubt on storing CVV - it can be used in the transaction, but it cannot be kept on a server on file - period. Visa and PCI rules are crystal clear on this - it is one of the main questions even in a self-audit. Any system that stores this is not PCI compliant.Samster said:Well, there are obviously snafus in this requirement for all online credit card purchasing. Every single time I purchase online, I've had to enter the V-code. It is a security check for the purchaser that you have the actual card in hand. So, this makes no sense to me at all. If the data is encrypted, there should not be an issue. I think that they are spinning their wheels on this and one hand doesn't know what the other hand is doing. I will agree that there are rez systems that need to update in order to make it easier for you to delete cc info once the card is processed and payment is received by the merchant. Meanwhile, if you have one of the web-based systems, that information is stored on someone else's server and if it's a better one, it's encrypted. Why don't we just stop accepting credit cards and only take cash?
.
Well, then there are numerous people out there that are non-compliant, I'm sure. And to play the Devil's Advocate here, I see no difference in keeping credit card info before the date of reservation for months on end vs. afterwards when it comes right down to it! Jeez....Well, there are obviously snafus in this requirement for all online credit card purchasing. Every single time I purchase online, I've had to enter the V-code. It is a security check for the purchaser that you have the actual card in hand. So, this makes no sense to me at all. If the data is encrypted, there should not be an issue. I think that they are spinning their wheels on this and one hand doesn't know what the other hand is doing. I will agree that there are rez systems that need to update in order to make it easier for you to delete cc info once the card is processed and payment is received by the merchant. Meanwhile, if you have one of the web-based systems, that information is stored on someone else's server and if it's a better one, it's encrypted. Why don't we just stop accepting credit cards and only take cash?
.There is no doubt on storing CVV - it can be used in the transaction, but it cannot be kept on a server on file - period. Visa and PCI rules are crystal clear on this - it is one of the main questions even in a self-audit. Any system that stores this is not PCI compliant.Samster said:Well, there are obviously snafus in this requirement for all online credit card purchasing. Every single time I purchase online, I've had to enter the V-code. It is a security check for the purchaser that you have the actual card in hand. So, this makes no sense to me at all. If the data is encrypted, there should not be an issue. I think that they are spinning their wheels on this and one hand doesn't know what the other hand is doing. I will agree that there are rez systems that need to update in order to make it easier for you to delete cc info once the card is processed and payment is received by the merchant. Meanwhile, if you have one of the web-based systems, that information is stored on someone else's server and if it's a better one, it's encrypted. Why don't we just stop accepting credit cards and only take cash?
.
These crooks will get info if they want it bad enough. That's the bottom line. Cameras at ATMs, fake keypads that capture data, etc.,etc. It goes on & on.
.
The difference is that you want to minimize your risk. The safest way is to delete immediately after processing. The truth is that a card-not-present advanced deposit is extremely hard to keep if the customer does a chargeback.Samster said:
My dh works in the credit card authorization biz and he is looking into this in more detail for me. Seems that there are details about the size of biz, where the data is stored, etc. He is of the opinion that some of this is to get extra money out of you for compliance assurance.Well, then there are numerous people out there that are non-compliant, I'm sure. And to play the Devil's Advocate here, I see no difference in keeping credit card info before the date of reservation for months on end vs. afterwards when it comes right down to it! Jeez....Well, there are obviously snafus in this requirement for all online credit card purchasing. Every single time I purchase online, I've had to enter the V-code. It is a security check for the purchaser that you have the actual card in hand. So, this makes no sense to me at all. If the data is encrypted, there should not be an issue. I think that they are spinning their wheels on this and one hand doesn't know what the other hand is doing. I will agree that there are rez systems that need to update in order to make it easier for you to delete cc info once the card is processed and payment is received by the merchant. Meanwhile, if you have one of the web-based systems, that information is stored on someone else's server and if it's a better one, it's encrypted. Why don't we just stop accepting credit cards and only take cash?
.There is no doubt on storing CVV - it can be used in the transaction, but it cannot be kept on a server on file - period. Visa and PCI rules are crystal clear on this - it is one of the main questions even in a self-audit. Any system that stores this is not PCI compliant.Samster said:Well, there are obviously snafus in this requirement for all online credit card purchasing. Every single time I purchase online, I've had to enter the V-code. It is a security check for the purchaser that you have the actual card in hand. So, this makes no sense to me at all. If the data is encrypted, there should not be an issue. I think that they are spinning their wheels on this and one hand doesn't know what the other hand is doing. I will agree that there are rez systems that need to update in order to make it easier for you to delete cc info once the card is processed and payment is received by the merchant. Meanwhile, if you have one of the web-based systems, that information is stored on someone else's server and if it's a better one, it's encrypted. Why don't we just stop accepting credit cards and only take cash?
.
These crooks will get info if they want it bad enough. That's the bottom line. Cameras at ATMs, fake keypads that capture data, etc.,etc. It goes on & on.
.The difference is that you want to minimize your risk. The safest way is to delete immediately after processing. The truth is that a card-not-present advanced deposit is extremely hard to keep if the customer does a chargeback.Samster said:
So - for the guests who do show up, you don't need the number... for the guests who are honest - and don't dispute the deposit you don't need the number, and for the guests who are dishonest - they will dispute in any case and you are probably going to give the money back!
But the big difference is that lodging has a justifiable business reason for holding a credit card until departure. After departure, there is no justifiable business reason. That is how the powers-that-be view it, and the rules are clearly set by a higher authority. Our job is to have a certified 3rd party auditor look at our system and make sure they agree we are following the rules.
.
Every single time I purchase online, I've had to enter the V-code.Well, there are obviously snafus in this requirement for all online credit card purchasing. Every single time I purchase online, I've had to enter the V-code. It is a security check for the purchaser that you have the actual card in hand. So, this makes no sense to me at all. If the data is encrypted, there should not be an issue. I think that they are spinning their wheels on this and one hand doesn't know what the other hand is doing. I will agree that there are rez systems that need to update in order to make it easier for you to delete cc info once the card is processed and payment is received by the merchant. Meanwhile, if you have one of the web-based systems, that information is stored on someone else's server and if it's a better one, it's encrypted. Why don't we just stop accepting credit cards and only take cash?
.
My dh works in the credit card authorization biz and he is looking into this in more detail for me. Seems that there are details about the size of biz, where the data is stored, etc. He is of the opinion that some of this is to get extra money out of you for compliance assurance.Well, then there are numerous people out there that are non-compliant, I'm sure. And to play the Devil's Advocate here, I see no difference in keeping credit card info before the date of reservation for months on end vs. afterwards when it comes right down to it! Jeez....Well, there are obviously snafus in this requirement for all online credit card purchasing. Every single time I purchase online, I've had to enter the V-code. It is a security check for the purchaser that you have the actual card in hand. So, this makes no sense to me at all. If the data is encrypted, there should not be an issue. I think that they are spinning their wheels on this and one hand doesn't know what the other hand is doing. I will agree that there are rez systems that need to update in order to make it easier for you to delete cc info once the card is processed and payment is received by the merchant. Meanwhile, if you have one of the web-based systems, that information is stored on someone else's server and if it's a better one, it's encrypted. Why don't we just stop accepting credit cards and only take cash?
.There is no doubt on storing CVV - it can be used in the transaction, but it cannot be kept on a server on file - period. Visa and PCI rules are crystal clear on this - it is one of the main questions even in a self-audit. Any system that stores this is not PCI compliant.Samster said:Well, there are obviously snafus in this requirement for all online credit card purchasing. Every single time I purchase online, I've had to enter the V-code. It is a security check for the purchaser that you have the actual card in hand. So, this makes no sense to me at all. If the data is encrypted, there should not be an issue. I think that they are spinning their wheels on this and one hand doesn't know what the other hand is doing. I will agree that there are rez systems that need to update in order to make it easier for you to delete cc info once the card is processed and payment is received by the merchant. Meanwhile, if you have one of the web-based systems, that information is stored on someone else's server and if it's a better one, it's encrypted. Why don't we just stop accepting credit cards and only take cash?
.
These crooks will get info if they want it bad enough. That's the bottom line. Cameras at ATMs, fake keypads that capture data, etc.,etc. It goes on & on.
.The difference is that you want to minimize your risk. The safest way is to delete immediately after processing. The truth is that a card-not-present advanced deposit is extremely hard to keep if the customer does a chargeback.Samster said:
So - for the guests who do show up, you don't need the number... for the guests who are honest - and don't dispute the deposit you don't need the number, and for the guests who are dishonest - they will dispute in any case and you are probably going to give the money back!
But the big difference is that lodging has a justifiable business reason for holding a credit card until departure. After departure, there is no justifiable business reason. That is how the powers-that-be view it, and the rules are clearly set by a higher authority. Our job is to have a certified 3rd party auditor look at our system and make sure they agree we are following the rules.
.
I didn't know that the Supreme Being was involved in the credit card biz now. haha!
.
LOL - sometimes it seems that only He Himself could have devised all these rules!!!!Samster said:My dh works in the credit card authorization biz and he is looking into this in more detail for me. Seems that there are details about the size of biz, where the data is stored, etc. He is of the opinion that some of this is to get extra money out of you for compliance assurance.
I didn't know that the Supreme Being was involved in the credit card biz now. haha!
My dh works in the credit card authorization biz and he is looking into this in more detail for me. Seems that there are details about the size of biz, where the data is stored, etc. He is of the opinion that some of this is to get extra money out of you for compliance assurance.Well, then there are numerous people out there that are non-compliant, I'm sure. And to play the Devil's Advocate here, I see no difference in keeping credit card info before the date of reservation for months on end vs. afterwards when it comes right down to it! Jeez....Well, there are obviously snafus in this requirement for all online credit card purchasing. Every single time I purchase online, I've had to enter the V-code. It is a security check for the purchaser that you have the actual card in hand. So, this makes no sense to me at all. If the data is encrypted, there should not be an issue. I think that they are spinning their wheels on this and one hand doesn't know what the other hand is doing. I will agree that there are rez systems that need to update in order to make it easier for you to delete cc info once the card is processed and payment is received by the merchant. Meanwhile, if you have one of the web-based systems, that information is stored on someone else's server and if it's a better one, it's encrypted. Why don't we just stop accepting credit cards and only take cash?
.There is no doubt on storing CVV - it can be used in the transaction, but it cannot be kept on a server on file - period. Visa and PCI rules are crystal clear on this - it is one of the main questions even in a self-audit. Any system that stores this is not PCI compliant.Samster said:Well, there are obviously snafus in this requirement for all online credit card purchasing. Every single time I purchase online, I've had to enter the V-code. It is a security check for the purchaser that you have the actual card in hand. So, this makes no sense to me at all. If the data is encrypted, there should not be an issue. I think that they are spinning their wheels on this and one hand doesn't know what the other hand is doing. I will agree that there are rez systems that need to update in order to make it easier for you to delete cc info once the card is processed and payment is received by the merchant. Meanwhile, if you have one of the web-based systems, that information is stored on someone else's server and if it's a better one, it's encrypted. Why don't we just stop accepting credit cards and only take cash?
.
These crooks will get info if they want it bad enough. That's the bottom line. Cameras at ATMs, fake keypads that capture data, etc.,etc. It goes on & on.
.The difference is that you want to minimize your risk. The safest way is to delete immediately after processing. The truth is that a card-not-present advanced deposit is extremely hard to keep if the customer does a chargeback.Samster said:
So - for the guests who do show up, you don't need the number... for the guests who are honest - and don't dispute the deposit you don't need the number, and for the guests who are dishonest - they will dispute in any case and you are probably going to give the money back!
But the big difference is that lodging has a justifiable business reason for holding a credit card until departure. After departure, there is no justifiable business reason. That is how the powers-that-be view it, and the rules are clearly set by a higher authority. Our job is to have a certified 3rd party auditor look at our system and make sure they agree we are following the rules.
.
I didn't know that the Supreme Being was involved in the credit card biz now. haha!
.
I believe he is right - at least in part! Seems companies are taking some to the cleaners on this PCI compliance insurance - (Insurance, not really!) In an earlier post on this tread, Bree stated "We are having to pay an extra $15/month now for 'insurance' that will pay for an audit should we ever have to have one." My charge is $24.99 ANUALLY!, I just finished doing a cost comparision with another processing company and their compliance charge was $28.80 semiannually, and they told me that they did not mark up this charge. HmmSamster said:
Keeping the credit card until arrival is fine - Swirt has seen the options we have in Rezo GT - they will be mimicked in Weber - so you choose to keep it, or delete it automatically either X days after taking it, or X days after checkout, etc. We let the innkeeper choose.
I thought we sent out a notification last week - but I will be checking. If we did not, then that was a mistake on our part.
From what I know, CVV should not impact your rate - but processors can give you whatever rate they want in reality - they choose when to downgrade, whether low or mid-qual applies, etc. That is why we only use Tom W and Intuit - both are VERY honest and have the best rates. Here is one article from Braintree on CVV:
[h1]CVV2 Does Not Affect Credit Card Rate Qualification[/h1]Posted on Friday, April 04, 2008 by Bryan Johnson
Most merchants mistakenly believe that processing a cardholder's three or four digit value (CVV2, CVC2 or CID)for a card not present transaction (e.g. ecommerce) will help qualify for lower credit card rates. The CVV2 value is only valuable to protect against credit card fraud and has nothing to do with rate qualification. These three and four digit codes aremost often confused with Address Verification Service (AVS) which can be used to qualify for lower credit card rates.
CVV stands for Card Verification Value and was introduced by MasterCard in 1997 and Visa in 2001. For swiped transactions, the value is referred to as CVV1. Each of the card brands has its own acronym:
Visa: CVV2 - Card Verification Value MasterCard: CVC2 - Card Validation Code American Express: CID Unique Card Code (and 4 digits) Discover: CID Card Identification Number
Merchants are able to configure payment processing systems to accept or decline transaction requests based upon the match or mismatch of CVV2, CVC2 orCIDinformation. So for example, if a merchant creates a rule to decline all transactions where the CVV2, CVC2 orCIDvalue does not match, the authorization request could be successful with the issuing bank, but the transaction will be denied by the merchant. Even though the transaction was denied by the merchant, the consumer's card will still be authorized.
PCI DSS Compliance prohibits merchants from storing the CVV2, CVC2 or CID values. For recurring billing, merchants can accept and validate the code during the initial authorization but cannot store it for additional transactions. After the initial validation, there really is no value in storing it.
Another link on this: http://www.straightpassthrough.biz/what-is-up-with-the-cvv2-code/.
This makes more sense. Thanks for sharing that.JBanczak said:
