Credit card policy

Credit card look-up

Rentals United stores the credit card details (excluding the CVV code) for 10 days after they are received from the sales channel. Within this time, you can look up the credit card details if you need to manually charge the guest.

The credit card details can be revealed in the following places:

• Guest Planner > Open a reservation > Payments

  

• Guest Planner > Open a reservation > Booking details

• Guest Planner > Open a reservation > Edit reservation > Booking details

 

The credit card details cannot be revealed in the following scenarios:

• the 10 day storage period has passed

• the card got tokenised

• you are connected to Stripe or any other payment gateway

 

Revealing card details does not tokenise the card. If the reservation does not contain the credit card details or you cannot reveal them, check out why here.

 

CVV/CVC policy

The security and compliance standards we adhere to (PCI DSS 4.0) require us not to store the CVV/CVC codes in the Rentals United database after the first authorisation. While Rentals United does not authorise the credit card data related to reservation, but only acts as an intermediary and passes it to the client, we assume that once credit card data was received by the client, the first authorisation happened and therefore we cannot store the CVV/CVC number any longer and in any form.

It means that the CVV/CVC codes can be shared with the client only once - regardless of the method (an API method to pull reservation details or the reveal credit card details function in the platform) and will be removed afterwards from the Rentals United system. Note that this process pertains to the CVV/CVC codes only (not other credit card details e.g. a credit card number).

 

Credit card look-up / Reveal credit card details

The CVV/CVC code is available only for the first time when revealing the credit card details (and provided it has not been shared before e.g. pulled via API). If the user reveals the credit card details while the CVV/CVC code has been already shared with the user in any form, the user will see the following information:

“You have seen the CVV/CVC on YYYY-MM-DD at HH:MM:SS CET. Rentals United is not allowed to store CVV after first sharing it with you as per industry requirements. Only the card holder can share the CVV/CVC with you.”

 

API methods

If the user pulls reservation details via API and the CVV/CVC code has been already shared, then the CVV/CVC node will be empty.

 

RLNM

The CVV/CVC details will not be shared anymore via the Reservation Life Notification Mechanism. Note that this applies only to the CVV/CVC numbers. The credit card details will be shared as they are and remain encrypted in Rentals United afterwards.

 

PMS

Sharing the CVV/CVC code with the PMS is also considered an authorisation. After the reservation with CVV/CVC code is shared with the PMS, the CVV/CVC code is removed. Note that inserting reservations to a PMS which does not receive the credit card details does not result in removing CVV/CVC .

 

Stripe or other payment gateway

Tokenising a credit card in Stripe or other payment gateway results in removal of CVV/CVC .