PCI DSS Compliance

The company undergoes yearly audits to prove compliance; together with our auditors, we identify potential risks of data leakage and review our security policies and processes. Successfully validated compliance results in an Attestation of Compliance (AOC), which helps hoteliers fulfil requirement 12.8 of the PCI DSS on service provider management.

Related Compliance

For information about payment authentication requirements, please see our PSD2 Compliance page.

1. What is PCI DSS?

PCI DSS, short for the Payment Card Industry Data Security Standard, differs from the GDPR in that it is not a law but a standard defined and maintained by an independent entity created by the major payment card brands. Compliance with this security standard is required in order to accept credit cards from brands such as Visa and Mastercard.

The PCI DSS is essentially a collection of best practices and rules for handling the sensitive payment card data your guests entrust to you, intended to prevent data breaches and fraud.

2. Card Storage

TwikPMS prevents the entry of cardholder information into unsecured fields, and any such data previously entered is automatically removed. Please be aware that TwikPMS does not retain, and has no access to, full card numbers.

For enhanced security, only the following card information is stored:

  • Last four digits of the card number
  • Cardholder name
  • Card brand (e.g., Visa, Mastercard)
  • Expiration date
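As an added illustration (not TwikPMS code), the following Python sketch shows the two controls this section describes: detecting a card number pasted into a free-text field so the save can be blocked and the value redacted to its last four digits, and building a stored record that contains only the four fields listed above. The Luhn check, the field names and the sample note are assumptions made for the example.

```python
import re

# Fields retained after truncation, as listed on this page (names are assumed).
RETAINED_FIELDS = ("last4", "cardholder_name", "card_brand", "expiry")

# Candidate PAN: 13-19 digits, optionally separated by single spaces or hyphens.
_PAN_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_valid(digits: str) -> bool:
    """Return True if the digit string passes the Luhn check used by card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def redact_pans(text: str) -> tuple:
    """Replace every Luhn-valid PAN in free text with a last-four-only token.

    Returns (redacted_text, number_of_pans_found) so the caller can refuse the
    save and raise an alert when cardholder data lands in an unsecured field.
    """
    count = 0

    def _sub(m):
        nonlocal count
        digits = re.sub(r"[ -]", "", m.group(0))
        if not luhn_valid(digits):
            return m.group(0)   # long digit run but not a card number: leave it
        count += 1
        return "[CARD ****" + digits[-4:] + "]"

    return _PAN_CANDIDATE.sub(_sub, text), count


def truncated_record(pan: str, name: str, brand: str, expiry: str) -> dict:
    """Build the storable record: only the fields listed above, never the full PAN."""
    digits = re.sub(r"[ -]", "", pan)
    if not (digits.isdigit() and 13 <= len(digits) <= 19 and luhn_valid(digits)):
        raise ValueError("not a valid card number")
    return dict(zip(RETAINED_FIELDS, (digits[-4:], name, brand, expiry)))


if __name__ == "__main__":
    # Constructed sample: a guest note into which staff pasted a test card number.
    note = "Charge 4111 1111 1111 1111 for the minibar; booking ref 12345678901234."
    print(redact_pans(note))
```

The booking reference in the sample is a 14-digit run that fails the Luhn check, so it is left intact while the card number is redacted.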

3. Your Responsibility

While TwikPMS handles card data in a PCI-compliant manner, properties using our platform should also ensure their own PCI compliance for any card data they handle outside of TwikPMS. This includes:

  • Not writing down or storing card numbers manually
  • Ensuring staff are trained on secure payment handling
  • Using secure networks when accessing payment systems

Contact Information

If you have any questions about PCI DSS compliance, please contact us:

This page was last updated: 21 December 2024