MyCard EMV© is BookingCenter's credit card payment gateway for EMV terminals that is tightly integrated with MyPMS©. It is intended to be transparent to the user and eliminates the need for separate POS, additional phone lines, monthly and transaction fees as well as the time intensive auditing of settlement reports against MyPMS audit reports. Managing Credit Card Transactions with MyCard EMV© When setup with MyCard EMV©, when you add a credit card from the New Booking window, the Booking Data tab, or the Manage Credit Cards screen, an option to 'Swipe/Dip' is presented in addition to the Manual Transaction/Swipe' method used in Traditional MyCard©. The 'Swipe/Dip' option awaits input from the EMV device and enters the authorization with an (E) that shows the transaction was a 'dip' or 'tap' from an EMV device. See the following functions below for specific tasks. Tokenization in MyCard EMV©When an EMV property receives a credit card - when saved during manual input into the PMS; when entered by a guest into an online booking; or sent from a GDS or OTA (such as Expedia or booking.com) booking, the card data can be 'tokenized' to remove the card details (name, numbers, address, etc) and stored as a 'token' to be used for an authorization or payment (purchase or credit). The benefit of a token is that no one - not your staff, not a hacker into your network or BookingCenter's, nor a Guest - can view or use that token except the property setup with the EMV device and/or account. Thus, it provides the best level of security for storing credit card data. The card looks like a familiar one stored as a payment option on Folios, but there are a few differences: - Example of a Tokenized EMV saved credit card:
 Image Added (this is a MasterCard ending in #1513 with expiration of 08/27 and has a .20 authorization saved on it) - Example of a Non-Tokenized saved card, still masked, but not using EMV tokenization:
 Image Added(this is an American Express ending in #2000 with expiration of 09/26 and has a .0 authorization saved on it).
They both look similar to your staff, but the Tokenized card cannot be seen by anyone; the non-tokenized card is stored encrypted and 'masked' so staff won't see it. But if the User is set to 'View credit Cards', that card data can be viewed by a Manger with access to that privilege. Thus, security is weaker for a non-tokenized card. Both approaches can pass PCI compliance, since the card is stored securely (BookingCenter use 256-bit encryption to store and 'view' the card data) and access to the data is reserved for only Users with legitimate business purposes, which many hotels require for charging 'cancellation', 'no show' and other fees, thus allowing PCI compliance. But clearly one approach offers an opportunity for fraud, the other doesn't. Hybrid Tokenization OptionBookingCenter offers two settings where the card can be tokenized on the ‘save’ (or entry) meaning all cards are always tokenized when received by BookingCenter - this is full tokenization. In this case, even when taking a card over the phone it becomes tokenized when saved into a booking. The other option is to only Tokenize the card when issuing an authorization, which happens automatically when issuing a manual authorization, payment, or credit ('refund') to any Folio. Thus BookingCenter gives you two options to tokenize cards - On Entry
- On Use
Any card within MyPMS can be masked or tokenized depending on how you wish to manage the risk of credit card data. Contact BookingCenter if you wish to discuss the pros/cons of your operational needs as it applies to credit card fraud risk. |