Tokenize
[protel Cloud Center > PCI menu > Tokenize]
|
The PCI > Tokenize menu is solely available if PCI Compliance has been activated in your On-Premise hotel management software (protel SPE and protel MPE) and if you have the necessary rights to access the menu! Activation of PCI Compliance is not part of the standard scope of protel On-Premise and must be ordered and configured separately! |
In accordance with PCI DSS, legible credit card data is not to be kept anywhere in the hotel. This is especially valid for the hotel software. protel Tokenizer ensures that all of the credit card data coming in via one of a hotel's many booking and sales channels is not available anywhere in the hotel's system in unencrypted form. For this purpose, protel Tokenizer encrypts and replaces the guest's credit card data with a surrogate value called “token”. The Tokenizer includes a PCI DSS 3.1 certified credit card vault, which means that card data will no longer be accessible via the existing screens and users will be required to login separately to the Detokenizer application in order to access card data.
-
The storage of the encrypted credit card information (tokens) occurs on a separate server which is protected against unauthorized access.
-
protel PMS only uses tokens when querying, accessing, or editing guest's credit card information. Nowhere in the system will a complete credit card number be saved or displayed.
-
Restrictive access rights supervise access to credit card information. Only those actually working with the credit card information are allowed access it.
Access
The tokenizer is accessed in the protel Cloud Center. Once there, open the PCI menu and then select Tokenize:
If the PCI menu is not visible in the menu bar, click on the stack menu and open the list containing the additional menu entries - see the following figure:
Tokenizer dialog box
All of the fields which are marked by an asterix (*) are mandatory fields.
Credit card data
| Field | Description |
| Credit card no.* |
This is where you enter the credit card number without any spaces or special characters. protel checks the validity of the entered credit card number. The checking of the data occurs during entry. As long as the entered number is incorrect or incomplete, the frame around the entry field will be red:
The frame will switch to blue when the number has been accepted:
|
| Cardholder* | This is where you enter the cardholder's name. |
| Valid from | This entry is optional. Usually, the date has to be only provided for debit cards. |
| Valid thru* |
Enter the card's expiry date here. Click on the calendar icon and select the month and year from the calendar. Adopt the date by clicking on [OK]. |
| Card type | The credit card type will automatically be filled in once the credit card number has been successfully entered. |
| Token |
The token is displayed here once the credit card information has been tokenized (encrypted). Explanation: Rather than using real credit card numbers, protel solely uses tokenized numbers. The sensitive original data is stored on the external Token Server where they are protected from unauthorized access. |
Additional data
| Field | Description |
| Issue no. |
The issue no. is only used by certain card types (Smart, Solo, Maestro) and is a single or double digit number printed on the front of the card. Entry is optional. |
| Res. ID | If the checkbox Credit card is allotted to reservation is checked, this is where you enter the reservation ID. |
| Guest profile ID | If the checkbox Allotted to a guest profile is checked, this is where you enter the Guest Profile ID. |
 |
Note Although it is currently still possible to assign credit card tokens to a guest profile, this contradicts the latest PCI specifications. For this reason, the so-called "purge routine" is used to delete tokens attached to a guest profile at the end-of-day routine. |
Entering credit card information
You can find the reservation number in the Navigator:
Save credit card token to the reservation
The credit card details can also be saved in the guest profile and in the reservation, e.g., if the booker is the guest and the guest is the holder of the credit card.
|
The advantage of this solution lies in the fact that, if need arises, the Front Office employees can find the credit card information both in the guest profiles, as well as in the reservations, e.g., in order to access the data for a specific business purpose (Check out, Cancellation, etc.). |
 |
Please note! Due to the PCI regulations, the token, if it has been saved in the guest profile, will be deleted after the next end-of-day procedure! We therefore advise against storing tokens in the guest profile. |
Save credit card token to the reservation
Proceed as follows to save the credit card details to a reservation, e.g., if the guest is not the holder of the credit card:
-
First, lookup the reservation ID in the Navigator of the relevant reservation.
-
Open the Tokenizer (protel Cloud Center > PCI menu > Tokenize), and enter the credit card details.
-
Select the Credit card is allotted to reservation checkbox and enter the reservation ID:
-
Click on [Tokenize] to save and encrypt the data.
The credit card token will then be saved to the reservation.
Multi-room reservation
If several rooms are booked as a “multi-unit reservation”, the credit card token has to be saved to the original reservation ID.
To do so, open the Tokenizer and enter the credit card details as well as the respective reservation ID. Afterwards, generate the credit card token for the reservation (see section “Save credit card token to the reservation”).
Example: Multi-room reservation for 3 twin bed rooms
In the figure, you can see that the token has been saved to the reservation with the reservation ID 406896:
IMPORTANT! If a multi-room reservation is split, the token will be copied to each of the split off reservations (see following example).
Example: A reservation has been split from the multi-room reservation
In the figure, you can see that the token has been copied from the original reservation to the split off reservation with the reservation ID 407017.
Group reservations
If several rooms are booked as a group reservation, the credit card token must be saved to the group master’s reservation.
To do so, open the Tokenizer, enter the group master’s credit card details, the group master’s reservation ID and generate a token for this reservation (see section "Save credit card token to the reservation").
As you can see in the screenshot, the token has been saved to the group master’s reservation.
