The PCI have made it increasingly difficult for all software developers to work with payment card data. Whilst it could be viewed as an inconvenience, it actually offers significantly greater protection for the cardholder, and ultimately peace of mind for the merchant.
In common with many other vendors in the market, we have integrated an existing payment gateway into our system (in our case from Cardstream), but we re-brand it as Caterpay.
As a result, our solution never stores, processes or transmits any card data over our own network. All communication with the gateway is done via tokens, increasing security and hugely reducing the opportunity for fraud.
To provide reassurance to all our partners (the OTAs we work with as well as our client properties) we chose to demonstrate our compliance with the PCI Data Security Standard by having a third-party security company here in the UK produce a PCI Report on Compliance (RoC). This is prepared by a Qualified Security Assessor (QSA) who spends 5 days on site checking that all our solutions, environments, systems and processes are correct.
This is in contrast to many other companies, who self-certify their PCI compliance. The regulations for solution providers are immensely complex, so our QSA is able to advise us of the correct way to implement functionality ahead of deploying it, rather than us finding out during a post-breach investigation that we were not compliant all along because we had misunderstood the requirements.
Caterpay gives Caterbook 5 users access to a range of gateway features and functionality not currently offered in the integration Caterbook 4 has with Payment Express.
- When OTA-sourced cards are tokenised, CVV is stored as a part of that process.
- Cards tokenised manually are correctly verified by the banking system rather than being stored "as entered".
- For your additional security, you have the option of including AVS (address verification) checks against the house number and postcode of the card's registered address.
We will also be implementing a feature where Caterbook will alert you if a card you have taken "for security" will expire before the guest's arrival, meaning you can seek an alternative card well in advance should you then need to charge for a no-show.