Security / PCI / EMV

Our PCI Status

AutoClerk PMS version 9 has been validated for new deployments by the PCI Security Standards Council according to PA-DSS v3.2 regulations. For full details of this validation, please visit the PCI Security Standard Council. 

AutoClerk’s PCI compliance began in 2008 when AutoClerk PMS version 8 was validated according to Visa’s Payment Application Best Practices (PABP) compliance rules. In 2010, Visa transferred PCI validation authority to a new organization, the PCI Security Standards Council. The Council issued a new set of PCI rules called Payment Application Data Security Standard (PA-DSS).

Security via Tokenization

PCI compliance is but one step of many to help ensure a hotelier’s data security.  AutoClerk’s two PMS products (web & non-web) use tokenization services of two high-volume (billions of transactions per year) PCI DSS Level 1 service providers that have data centers specifically designed to protect confidential cardholder data.  When a guest credit card requires an authorization increase, settlement, or rebate, only the token is needed. Tokens are of no value to hackers or thieves.  

Security via EMV

AutoClerk’s two PMS products (web & non-web) offer EMV integration, which allows the use of credit card chip-reader hardware at the front desk to process card-present authorizations.  EMV is a big step forward in reducing a hotel’s PCI scope and in reducing merchant liability.  

Security via Zero Scope at myHMS Data Center

AutoClerk’s pure web-based PMS (myHMS) uses a data center that is one of the world’s first PMS data centers to be architected, from the ground up, to not store, process, or transmit sensitive cardholder data. It accomplishes this feat by using Shift4’s i4Go for clerical and guest entry of cardholder data and Shift4’s 4Res firewall for all CRS/GDS/WBE interface connectivity, which results in all sensitive cardholder data being tokenized before entering the myHMS data center.   Read more

.