Security Vault - Is Your Hotel Software PCI Compliant?

The risk of credit card security breaches seemingly has never been higher. In recent months, major cyber attacks have been perpetrated against companies like Citibank and Sony’s PlayStation Network. These kinds of security threats can cost a company millions of dollars and a black eye amongst consumers.

For anyone who handles credit card information, it is not just important to protect yourself against these risks; it is a requirement. As many in the hospitality industry know, one year ago credit card companies mandated that credit card acquirers — including hotels — become PCI and PA-DSS compliant.

PCI compliant (which stands for Payment Card Industry) means that merchants have taken appropriate steps to ensure credit card data is safe and secure in your system. PA-DSS (Payment Application Data Security Standard) applies to the software used by merchants. Any application used that processes or stores credit card must be PA-DSS compliant. 

To address this need, IQware developed the IQvault. Launched in the fall of 2010, IQvault is IQware's PA-DSS compliant solution that was developed in response to the credit card industry’s  PCI requirements. Used to store and process credit card information, IQvault is encrypted using 256-bit encryption.  

IQvault is designed to integrate with hotel property management software such IQpms, IQpos, and others. These products offload their credit card storage and processing needs to the IQvault. While all of these systems work independently, you can lose credit card functionality if the IQvault system is not utilized.

“As a trusted partner of thousands of hotels, IQware developed the IQvault to help our clients become PCI compliant,” says Francois Greffard, Vice President of Operations for IQware. “If you are not currently compliant, you risk data being lost or compromised and can be subject to fines, and most important of all, you could lose the trust of your guests.”

With IQvault, only key people within your organization will be able to view the credit card information stored within. Regular users such as front-desk employees will not have access to the system. Everything is encrypted so that if your systems is hacked, your credit card information is secure.

“IQware products and the IQvault function independently, yet work together seamlessly to achieve maximum security,” explains John G. Denver, IQware Vice President, Business Development. “

Investment in Security
After investing more than 3,600 hours and more than a quarter million dollars in research and development, the IQvault PA-DSS certification was achieved on Nov. 3, 2010, with the assistance of TELUS — a prominent security company.

Properties that deploy the IQvault, will seek to obtain their own PCI certification with the assistance of a third-party auditor. The use of the IQvault, according to the PCI Council certified deployment and maintenance instruction provided by IQware, will ease this process as the use of certified PA-DSS payment applications is a mandatory requirement of the PCI certification.

“Installing the IQvault system is a quick and easy process: Our technicians can typically finish a project in about an hour,” says Denver. “Also, unlike other companies charging substantial fees to profit from the new PA-DSS regulations, we have come up with an extremely reasonable cost structure to ensure all of our clients can make the necessary upgrades to their systems.”

IQvault licensing fees are based per system and can be licensed with or without the Elavon credit card processing option. In most cases, the IQvault can be installed on your current hardware and does not require independent hardware. Standard annual support fees are applicable.

Like all IQware products, IQvault is backed up by expert technicians and 24/7 customer service. The installation process includes close coordination and implementation of this project with our Director of Installation and installation team. There are very strict rules regarding who is allowed to install this system. All IQware technicians have undergone an internal certification process to deploy and configure the IQvault.   

How Is IQvault Configured?
IQvault can be broken down into three major parts: 

• Database server: The SQL server that stores the IQvault database;
• IQvault services: The services that provide the credit card processing features; and
• Clients: Any computer that accesses the IQvault to store and retrieve credit card data.

“The first step in credit card security is education,” says Greffard. “Some hotels don’t fully understand the regulations or don’t recognize the significant threat posed by hackers. IQvault is a safe and secure method of processing and storing all of your credit card information. It keeps you up-to-date with the latest requirements at a minimal expense — saving you from the cost of fines, or in a worst-case scenario, the price you’d pay from letting your guests’ information fall into the wrong hands.”

Becoming PCI Compliant
As mentioned earlier, though IQvault gives hotels the backbone to become PCI compliant, businesses are required to prove their business has achieved certification. 

What must a company do to become PCI DSS compliant? These are the 12 rules listed on the PCI DSS website (www.pcisecuritystandards.org):

1.   Install and maintain a firewall configuration to protect cardholder data.
2.   Do not use vendor-supplied defaults for system passwords and other security parameters.
3.   Protect stored cardholder data.
4.   Encrypt transmission of cardholder data across open, public networks Requirement.
5.   Use and regularly update anti-virus software.
6.   Develop and maintain secure systems and applications Requirement.
7.   Restrict access to cardholder data by business need-to-know.
8.   Assign a unique ID to each person with computer access.
9.   Restrict physical access to cardholder data.
10. Track and monitor all access to network resources and cardholder data.
11. Regularly test security systems and processes.
12. Maintain a policy that addresses information security.

About IQware
Deerfield Beach, Fla.-based IQware has been “Helping Hospitality Partner With Intelligence^SM” for 25 years. Today, more than 5,000 end users utilize IQware software to help best market and manage more than 120,000 rooms generating more than $3.5 billion in gross room revenue. IQware brings with it more than 300 years of combined experience managing hospitality properties and developing and supporting related software. “Built By Hoteliers For Hoteliers,” IQware’s Global Property Management System and more than two dozen add-on modules optimize operations at properties of all types − limited- and full-service hotels, resorts, condo-hotels and timeshares — and all sizes — from regional hotel chains to multi-property management companies to small independents IQware is Your Single-Source Technology Partner through ongoing customized training, user-driven technology development, 24x7 support and lifetime software upgrades. Looking for a competitive edge? Look no further. IQware “Helps Hospitality Better Find, Book, Host, Know & Keep Clients.” IQware solutions offer numerous ROI-generating tools including e-marketing, four-tier yield management, Web-Rez, packages, loyalty point etc.,..  Because IQware’s Global Property Management System has served as the heart of so many hotel operations for a quarter century, today IQware also can provide the lifeblood for Condo Management, Point Of Sale, Sales & Catering, Online Reservations, Spa Management, Marina Management, Central Reservations System and e-CRM electronic (Customer Relationship Management). IQware takes technology partnering to a new level − just ask our ever-expanding family of clients conducting business in two dozen countries. For more information, visit www.iqwareinc.com or call (877) 698-5151.


Logos, product and company names mentioned are the property of their respective owners.

Reader Comments:

Be the first to leave a comment for this article

Tweet