AUGUST 23, 2019 - NEWS


Is Your Reservation Software Really Secure?


In the past 10 years, two reservation systems, SavvyBooking and now SuperInn, have been compromised and closed their doors, forcing their clients to quickly go elsewhere.


Q: What can you do to protect your business?

A: Make sure that your software provider is not performing their own security audits.

Both SavvyBooking and SuperInn performed their own internal security and PCI audits. While these companies would use tools and scanners to detect weaknesses, they didn't use an outside security company to verify their security and procedures.

Data breaches can happen to any business. There is no guaranteed way to prevent being "hacked", but having your PCI compliance assessed by an outside security company has been shown to dramatically reduce the chances and effect of hacking events.

There are still several major players in the bed and breakfast industry, like ThinkReservations, that are avoiding PCI compliance through external audit.


Q: How can you tell if your software provider is truly PCI compliant through external assessment?

A: Ask your reservation software provider to send you a copy of their PCI compliance certificate. Or Google it: "ResNexus PCI"

Here is a link to the ResNexus 2020 Certificate of PCI Compliance. The certificate should be for the company but certified by an auditor. If your software provider cannot produce a PCI certificate, they are simply not compliant. If it is a self-assessment PCI certificate, you now know that you are with a company that doesn't use an external security company to help verify their security practices and software.


Q: What if my software provider tells me they don't need to be PCI Compliant through audit?

A: Even if reservation software providers are not storing credit cards, they store guest information. Getting hacked means your guests are still at risk. Self-audits simply are not as effective as external audits.


Q: Why do some software providers like ThinkReservations shy away from external PCI audits?
A: It's expensive and time consuming.

It costs hundreds of thousands of dollars a year and takes months of dedicated time to pass these audits. At ResNexus, we have consistent visits from outside security professionals at our headquarters to review our PCI security. They sit down with us in person and verify thousands of security procedures and protocols. The audit company uses tools and professional hackers to try to compromise ResNexus. Each year new security standards are added. We make constant security updates including those that are not required but advised.


Q: What other security precautions should I look for?
A: Ask your property management software provider whether they offer two-factor authentication. ResNexus does provide that advanced security feature.
A growing industry trend in PCI compliance is two-factor authentication to log into your property management software. Two-factor authentication requires two ways of proving your identity to make your online data more secure.

After you enter your password (the first authentication factor), the second factor arrives by text or email. That is, you'll get a numerical code that you need to enter to log into your account. Unlike a PIN code for a debit card, a two-factor authentication (2FA) code is only used one time; each time you log into that account, you'll be sent a new code.

Although two-factor authentication requires an extra step when logging into your account, it helps protect your property if your email or password has been hacked, because the one-time PIN is sent to your smartphone or a secondary email.

ResNexus invites all reservation systems, regardless of the costs, to do the maximum possible to protect the hospitality industry from cyber criminals.


UPDATE TO ARTICLE OCTOBER 8, 2019
As of September 9, 2019, ThinkReservations completed PCI Compliance via third party audit.

Sources:
https://www.databreaches.net/uperinn-plus-notifying-clients-of-hack-more-than-43000-consumers-impacted/

https://acorn-is.com/blog/2019/08/superinn-is-closing-on-october-31-2019-what-you-need-to-do.html