Useful links
- PCI Security Standards website
- How do I manage users in my Abode system?
- How do I set up 2 Factor Authentication?
- How do I use an online payment provider?
How does Abode help me comply with my Payment Card Industry Data Security Standard (PCI DSS) responsibilities?
If your business accepts, stores or processes cards from guests, you are responsible for ensuring that customers’ card details are secure.
If you don't adequately protect your business from fraudulent activity, and an unauthorised person gains access to card payment data stored at your business and attempts to commit fraud (known as an account data compromise, or ADC), you could face financial penalties, the suspension or termination of your merchant facility, damage to your brand and ongoing audits at your own cost.
When a security breach occurs, you:
- Become liable to lawsuits by your guests
- Risk your reputation
- Can lose guest loyalty and business
- Suffer fees from the PCI SSC
- Face ongoing audits
Part of your compliance requirements are: "Assign a unique ID to each person with computer access", "Restrict access to cardholder data by business need to know" and "Protect stored cardholder data".
Abode supports you with this by providing:
- Unlimited user logins - set up individual staff logins, no matter how big your organisation is
- User logs - track each user's activity history, login history and IP address locations
- Custom user permissions - manage user restrictions and only allow card access for authorised users
- 2 Factor Authentication - enable 2FA for any users requiring card access
- Online Payment Provider integrations - connect your Stripe or Windcave account and remove the need to handle card numbers yourself
FAQs
If I comply with the PCI DSS, is it a guarantee that my business won't be compromised?
No. The PCI DSS is a minimum security standard that helps to maintain a secure payment environment and protect card payment data at a basic level. Complying with PCI DSS greatly reduces the risk of an account data compromise but does not guarantee that your business is completely secure.
How does Abode help me comply with PCI DSS?
At Abode we know how important it is to store data securely and be PCI compliant. Abode uses payment gateway integrations to offer our customers a secure way to store their guests' credit cards. The payment gateways use a tokenisation system to securely store guest credit card information, from pre-stay through to check out.
- Abode is PCI secure
- Set up individual staff logins
- Enable 2FA
- Check logs
What is the easiest and most secure way to manage my payments?
Use one of our integrated online payment providers. Abode integrates with Stripe and Windcave. They are an easy way for you to securely store credit card details to a guest’s booking. Most accommodation providers that need to store credit card data will use a third-party credit card vault and tokenisation provider (Stripe or Windcave). By using a vault, the card data is removed from your possession and you are given back a “token” that can be used for billing. By using an online payment provider, you move the risk of storing card data to someone who specialises in doing that, and who has all of the security controls in place to keep the card data safe.
I trust my staff, isn't that good enough?
Trusting employees doesn't eliminate the possibility of mistakes. Even well-meaning staff can accidentally fall victim to phishing attacks, use weak passwords, or inadvertently share their login details with others. Secure login systems (like two-factor authentication) can help minimize the risks associated with such errors.
It is also a requirement of PCI that individual, secure logins are used to access card details. This would have been agreed upon when setting up your business merchant account.
Why do I need to use a personal email address?
To verify a user's identity and track their use in the system, a unique identifier must be used. Someone's email address is unique to them as an individual and is also where their password reset emails can be sent.
When using personal email addresses, staff are able to recover their login credentials more easily. If they forget a password or need to reset access, personal email accounts are generally easier to regain control of.
Personal email addresses are not exposed to the public.
What is 2 Factor Authentication (2FA)?
Two-factor authentication (2FA) using an app like Google Authenticator improves security by requiring both your password and a time-based one-time code generated by the app. This protects against password theft, phishing, and SIM-swapping attacks. 2FA is how the user proves they are who they say they are.