PMS Buyer’s Guide Part 7: PMS Security

IQware PMS Software

software codeToday we’re going to look at PMS security which, for the most part, is a pretty simple topic. However, there are a couple of aspects worth mentioning.

Rather than turning this into a giant post on security best practices (you can find that elsewhere by doing a quick search), we’re going to talk about two of the most important security factors that concern the hospitality industry:

User access control and PCI for credit card processing.

PCI Compliance – Credit Card Processing

PCI compliance is a mandated security standard that properties handling credit cards must adhere to. Any time a property stores or processes a credit card it must follow this process, and each year it must be certified to prove purchases are being handled correctly.

Note that PCI compliance does not apply to debit or other types of payment methods.

There are a lot of rules revolving around PCI compliance. From Wikipedia, the requirements are to:

    Build and maintain a secure network
    Protect cardholder data
    Maintain a vulnerability management program
    Implement strong access control measures
    Regularly monitor and test networks
    Maintain an information security policy

Software also has a compliance system, called PA, which works hand-in-hand with PCI.

When choosing a vendor, make sure the software is PA compliant, which will assist you with becoming PCI compliant

Dealing with Multiple Systems

Having multiple technology solutions in your hotel can make things challenging. Your POS, PMS, and booking engine will all need to be PCI compliant.

At IQware we developed a unique PA compliant solution for our clients called the IQvault. Properties using our PMS/POS/booking engine are able to offload their credit card storage and processing needs into the system.

Basically, it serves as a central point for all your credit processing needs, which keeps things extremely simple.

Properties that use the IQvault will still need to obtain their own PCI certification with the assistance of a third-party auditor, however our PA certification will ease this process.

PMS Security: User Access Control

It’s very understandable that properties do not want their employees accessing the entire system. This is easily solved in software by ensuring there are permission settings for a variety of access levels.

Typically you’ll find settings for administrators, managers, and front-line employees. When it comes to purchasing PMS software, this should be fairly standard across most major providers, but it’s worth double checking to ensure the features are there.

So there you have it, two of the most common factors with PMS security.