Security

PCI DSSAt ResOnline we take our clients' security extremely seriously. To prove this we have ensured that we are 100% PCI DSS compliant. All of our employees pass background checks and are thoroughly trained to maintain trust and safety.

The below table details the sensitivity standards of information we may receive, ensuring all information is always treated in the proper manner. 

 

Restricted
(highest, most sensitive)

Confidential
(moderate level of sensitivity)

Public
(low level of sensitivity)

Description

Data which is legally regulated; and data that would provide access to confidential or restricted information. (PCI DSS CHD)

Data which the data managers have not decided to publish or make public; and data protected by contractual obligations.

Data for which there is no expectation for privacy or confidentiality.

Data Examples

  • Credit card numbers with/without expiration dates

  • CCV number

  • SecurePaymentVault login username and password

  • Server Event Logs

  • Audit logs

  • List of company assets

  • SecurePaymentVault Access and Changes Logs

  • First and Last Name

  • Marketing materials

  • SecurePaymentVault Help documentation

Storage

Exclusively inside the SecurePaymentVault technology

Hard copies of Restricted information must not be stored and should be destroyed immediately after they are utilised according to the Data Disposal Policy

Level of required protection of Confidential data is at the discretion of the owner or custodian of the information.

Hard copies of Confidential information should not be stored and should be destroyed immediately after they are utilised using paper shredder machine provided.

No restriction

Retention period

Guests credit cards - 7 days after the guest depart (allowing our clients to make final payment after the guest departs)

Subscribers credit card - as long as the subscription is active and until the cc expires unless specified otherwise by the CC holder

No restriction

No restriction

All payment information is stored within our SecurePaymentVault, which is only accessable to authorised persons only. As well as keeping payment information secure, our staff will never have access to your passwords. Should you forget your password you will be asked to create a new one.

What is PCI?

The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards designed to ensure that all companies that accept, process, store or transmit credit card information maintain a secure environment.

How to become PCI Compliant?

As a Level 1 Merchant (highest level), ResOnline are required to be assessed every 12 months by a qualified security assessor. This assessment is performed by the assessor viewing our code, and analysing our firewalls and network infrastructure to ensure that it meets the standards. Additionally each quarter our network is scanned by an approved scan vendor to ensure that the we are not vulnerable to latest attacks. The cost to obtain and maintain our PCI Compliance is in the tens of thousands each year.

Why should you work with someone who is PCI Compliant?

As the merchant, you are responsible, according to the agreements you have made with your banks, to only choose PCI Compliant software vendors who process and store your credit cards in a secure and compliant manner. If you do not choose compliant companies and there is a security breach, the banks may hold you liable for the breach and seek compensation.

According to an IBM Security report "2016 Cost of Data Breach Study", the average cost of an individual security breach can be up to $4 million, which is up by 29% since 2013, with the average cost per credit card stolen is $158. The study also found that costs due to lost business of a breached business have increased and churn rares increased by nearly 3%.

As a PCI Compliant business, ResOnline treats data and credit card security as our number one priority. Don't take the risk with your customer's data with a business that is not PCI Compliant.

 

All payment information is stored within our SecurePaymentVault, which is only accessable to authorised persons only. As well as keeping payment information secure, our staff will never have access to your passwords. Should you forget your password you will be asked to create a new one.

What is PCI?

The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards designed to ensure that all companies that accept, process, store or transmit credit card information maintain a secure environment.

How to become PCI Compliant?

As a Level 1 Merchant (highest level), ResOnline are required to be assessed every 12 months by a qualified security assessor. This assessment is performed by the assessor viewing our code, and analysing our firewalls and network infrastructure to ensure that it meets the standards. Additionally each quarter our network is scanned by an approved scan vendor to ensure that the we are not vulnerable to latest attacks. The cost to obtain and maintain our PCI Compliance is in the tens of thousands each year.

Why should you work with someone who is PCI Compliant?

As the merchant, you are responsible, according to the agreements you have made with your banks, to only choose PCI Compliant software vendors who process and store your credit cards in a secure and compliant manner. If you do not choose compliant companies and there is a security breach, the banks may hold you liable for the breach and seek compensation.

According to an IBM Security report "2016 Cost of Data Breach Study", the average cost of an individual security breach can be up to $4 million, which is up by 29% since 2013, with the average cost per credit card stolen is $158. The study also found that costs due to lost business of a breached business have increased and churn rares increased by nearly 3%.

As a PCI Compliant business, ResOnline treats data and credit card security as our number one priority. Don't take the risk with your customer's data with a business that is not PCI Compliant.