Add Security Code to Additional Booking Notification Email

[jnasevich]

Hello. I'd like to add the Security Code (the one that can be used to show the 3-digit credit card CCV code from the Beds24 backend) to the Additional Booking Notification Email (Account | Host Notifications | Additional Booking Notification Email). However, I don't know what Template Variable to use, and I don't see a likely candidate listed on the wiki page for Template Variables (https://www.beds24.com/wiki/index.php/T ... _Variables). Template Variable [SECURITYCODE] would be the most likely choice.

[Epicea_old]

That would be in breach of your contract with credit card processing provider. You can't transmit cardholder details in email messages. In some jurisdictions it would be illegal as well.

Even the existence of the feature as an option would likely break PCI compliance for all beds24 users.

[jnasevich]

I agree that it would be a security breach to email credit card information. You misunderstood what I was asking. I don't want to send the CCV itself. I want a shortcode that would allow me send the Security Code. This is the same Security Code that Beds24 sends by email when a new booking is received. The Security Code, in turn, can be used to show the 3-digit credit card CCV code from the Beds24 backend. I mentioned this to Beds24 in a Support Request Ticket, and they responded almost immediately.

Beds24 doesn't have a template variable for the Security Code (again citing credit card security as the reason), but Mark Kinchin added an option to the additional email so one can append a copy of the standard email to the bottom of it, and this will contain the Security Code. Activate it at Settings > Account > Host Notifications.

[Epicea_old]

I hadn't realised you meant that code.

But, on our system they're no longer encoded anyway and I can't see an option to turn that back on. I did see "Credit Card Security" as an option to email CCV which looks wrong.

[jnasevich]

Account | Preferences | Credit Card Security. Options are "Store CCV" and "Email CCV". Storing the CCV with the rest of the credit card info seems less secure to me. The "Email CCV" option doesn't actually email the CCV itself, but a separate Security Code that can then be used to decode the CCV from the booking data. Once you enter the code, you can read the CCV. You cannot read it without the code. So if somebody gets access to your Beds24 account, they still cannot read the CCV unless they also have access to your email (and know to look there for the code). The Beds24 online help says:

Credit Card Security

Best practice for credit card security is not to store the card CCV number with the other card details.

Store CCV will store the CCV number. Although the data is stored and transmitted encrypted, anyone who gains login access to your account will be able to view it.

Email CCV sends an encrypted Security Code in the host booking notification email. The CCV is not stored. The CCV can only be viewed by entering the encrypted security code into the booking details.