What is PCI Compliance in Vacation Rentals?
PCI compliance means meeting the Payment Card Industry Data Security Standard (PCI DSS), a mandatory set of security requirements for any business that handles credit and debit card information. The standard was created by the major card brands to reduce payment card fraud.
For vacation rental operators, this means implementing specific security controls to protect guest cardholder data. Property management software such as Lodgify helps operators by providing a secure online payment system that adheres to these standards.
How it works
PCI compliance works by providing a framework of 12 key requirements that businesses must follow to protect cardholder data. These requirements include building and maintaining a secure network, protecting stored cardholder data, encrypting data transmission across public networks, and regularly testing security systems.
A vacation rental operator achieves compliance by integrating with a PCI-compliant payment gateway and ensuring their own business processes, such as how they handle phone bookings, also meet the standards. Using a compliant property management system simplifies this, as the software vendor handles much of the technical burden related to secure data processing and storage.
Why it matters
For vacation rental operators, PCI compliance is crucial for building guest trust and protecting the business from significant financial penalties. Non-compliance can result in hefty fines, loss of the ability to accept credit card payments, and severe reputational damage in the event of a data breach.
Adhering to these standards demonstrates a commitment to guest security, which encourages direct bookings from travelers who feel confident their financial information is safe.
Examples
- A property manager uses a PCI-compliant booking engine on their direct booking website. When a guest enters their credit card details, the information is immediately encrypted and sent directly to the payment processor, and is never stored on the manager's own servers.
- A host who takes a booking over the phone enters the guest's credit card number directly into a PCI-compliant virtual terminal provided by their payment gateway. They do not write the card number down on paper or store it in an unsecured file.
- A multi-property company regularly reviews its access control measures, ensuring only authorized personnel have access to systems that process cardholder data, and maintains a strict policy against sending credit card information via email or text.
- An operator uses a property management system that utilizes tokenization. Instead of storing a guest's actual card number for a security deposit hold, the system stores a secure token that can be used for future charges, reducing risk.
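The tokenization practice and the "no card numbers in email or text" policy above, as an added example that is not Lodgify's code or any gateway's API: an in-memory vault stands in for the gateway's token service, the booking record keeps only a token and the last four digits, and a scanner flags Luhn-valid card numbers in outbound messages so the policy can be enforced rather than just stated.

```python
import re
import secrets

# Constructed demo: this dict stands in for the payment gateway's token vault.
# The operator's booking system never keeps the full card number (PAN).
_VAULT: dict[str, str] = {}


def luhn_valid(digits: str) -> bool:
    """Luhn checksum used by card brands; rejects random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def tokenize(pan: str) -> dict:
    """Exchange a card number for a token; only token and last four leave here."""
    pan = re.sub(r"[\s-]", "", pan)
    if not (13 <= len(pan) <= 19 and pan.isdigit() and luhn_valid(pan)):
        raise ValueError("not a valid card number")
    token = "tok_" + secrets.token_hex(16)      # random, not derived from the PAN
    _VAULT[token] = pan                          # vault (gateway side) holds the PAN
    return {"token": token, "last4": pan[-4:],
            "masked": "*" * (len(pan) - 4) + pan[-4:]}


# 13-19 digits, optionally separated by spaces or dashes, not part of a longer run
PAN_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def find_pans(text: str) -> list[str]:
    """Return Luhn-valid card numbers found in outbound text (email, SMS, logs)."""
    hits = []
    for m in PAN_CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_valid(digits):
            hits.append(digits)
    return hits


if __name__ == "__main__":
    # Constructed sample values: a well-known test card number, not a real card.
    record = tokenize("4111 1111 1111 1111")
    print(record)
    print(find_pans("Guest card 4111-1111-1111-1111 exp 12/26"))   # flagged
    print(find_pans("Booking ref 1234567890123"))                 # not a card
```

Running the scanner over outgoing email and SMS templates before they are sent is one concrete way to back the policy in the third example above.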
Frequently asked questions
Am I responsible for PCI compliance if I only use Stripe or PayPal?
What happens if my vacation rental business is not PCI compliant?
Is PCI compliance a one-time process?
How does using vacation rental software affect PCI compliance?
Related terms
Payment Gateway
A payment gateway is a service that authorizes and processes online payments for vacation rental businesses. It acts as a secure intermediary between a host's…
Online Payment
Online payment refers to the electronic transaction of funds over the internet to book and pay for a vacation rental. This method provides a secure, automated…
Tokenization
Tokenization is a security process that substitutes a sensitive data element, such as a credit card number, with a non-sensitive equivalent known as a 'token.'…
SSL Certificate
An SSL (Secure Sockets Layer) certificate is a digital certificate that provides authentication for a website and enables an encrypted connection. For vacation…
