Accuracy of CCV validation?

Topics related to bookings and guest management
wbstephen
Posts: 54
Joined: Mon Feb 29, 2016 11:28 am

Hi there,

Just wondering on the accuracy of CCV validation?

I just manually entered a booking for a guest with a CCV of 060 and was told it was an invalid CCV so couldn't save it.

Since it was a CCV that came from booking.com I'd assume it was valid.

Regards
Stephen
wbstephen
Posts: 54
Joined: Mon Feb 29, 2016 11:28 am

OK, I have figured out that the Security Code being requested when manually entering the booking is not actually the CCV, but the Security Code supplied in the email sent for booking confirmation.

So am I correct that if my CCV security is set to Email CCV, there is no way for me to enter the CCV number when taking bookings over the phone?
annettemorgenroth
Posts: 1339
Joined: Sun Jun 30, 2013 8:44 am

It is a very bad idea to store offline card details online.

If you have the card details from phone or other means, do not put them online. If you do, you are probably breaking your bank's security policies.
wbstephen
Posts: 54
Joined: Mon Feb 29, 2016 11:28 am

Right! I'll just save the CCV numbers on sticky notes then :)

When CC details are collected via the booking engine, you are storing them online. You are simply storing the CCV number separately and requiring it to be retrieved by a second security step. Why can the same feature not be enabled for bookings taken over the phone?

AMEX cards no longer require CCV numbers for processing, so in theory, even the date field should be stored separately.
Epicea_old
Posts: 74
Joined: Wed Mar 21, 2012 3:14 pm

Stephen,

Credit card details are not validated by booking.com. They have sent communications about this and are suggesting that they are considering some validation after receiving adverse feedback from properties.

It's fairly widely known that the details aren't being checked; some travel and consumer advice websites & broadcasts have identified this and suggest giving false details as a sophisticated ruse to outwit property owners and hold a room.

The last time we had fake details from booking.com after we marked them as invalid they generated emails telling us we should keep the booking open until 6pm on the day of arrival which is basically exactly what we're not prepared to do.

This is rife here since we're in a ski station and skiers frequently try and hold rooms and then not turn up if they decide they don't like the weather. As a result we take details and take a 20% deposit on booking.com reservations.

In contrast, beds24 takes the details and validates them. That can't detect if the card has funds or credit but it's robust enough. So much that we've never had any issue at all with a direct booking. We also use stripe with beds24 and that's totally hassle free.

Personally, I doubt booking.com have the slightest intention of validating the card details and I think what they'll actually do is create more obstacles to validating card details and taking deposits. They are clearly quite happy with guests holding rooms even when the property doesn't allow it. The message regarding "free cancellation" is very prominent all over their site.
wbstephen
Posts: 54
Joined: Mon Feb 29, 2016 11:28 am

Thanks Epicea,

Good to know.

But at this point I'm curious about whether manual entry of the CCV for an "over the phone" booking couldn't be implemented with the same security as those received via the web.

The suggestion we should store CC details in a separate location is not practical/efficient.

Regards
Stephen
annettemorgenroth
Posts: 1339
Joined: Sun Jun 30, 2013 8:44 am

wbstephen wrote: When CC details are collected via the booking engine, you are storing them online. You are simply storing the CCV number separately and requiring it to be retrieved by a second security step.
PCI DSS dictates that the CCV and the card number should never be stored together online.
wbstephen wrote: Why can the same feature not be enabled for bookings taken over the phone?
It is a bad idea to put any cards online unless it is absolutely necessary.
wbstephen
Posts: 54
Joined: Mon Feb 29, 2016 11:28 am

Annette,

I'm not suggesting they be stored together. I'm suggesting you enable the same security for over the phone bookings that you enable for bookings collected via the web.

Thanks
Stephen