This dialog is accessed through Maintenance / Credit Cards / Security Setup. The options here allow some flexibility in the way credit card information is handled by the program. We recommend that all security precautions be enabled, however we also recognize that the user prefers some control.
These options apply whether you process credit cards through Campground Master or not, as long as you're entering credit card information in the designated fields for Guarantee Information or for Payments and Deposits. If you put credit cards in other places, such as Notes fields, then that information is not secure at all regardless of these options.
Important: For maximum security, all options here should be checked (enabled). While disabling some options can make it more convenient for the user, be aware that any disabled options reduce the security of your customers' credit card information!
Note: Also see Maintenance / Park Setup / Access Levels to restrict operator access for viewing credit card numbers.
Visa / PCI Compliance settings
The first four options are related to the "PCI" compliance issues for merchants. In particular, the compliance rules state that the security codes (CVC/CVV2 codes on the back) and the "swipe" data (the extra data present on the magnetic strip on credit cards) should never be stored. Disabling any of these options puts your company at risk of a large fine if your data is ever compromised. However if you prefer to keep this information stored for guarantees (in case you need to charge the card later), you can do so by disabling the option. Likewise, because it's cheaper to process cards with the swipe data (as "card present" transactions, you may choose to risk storing this information so that any subsequent transactions once you swipe the card will be at the lower rate.
Note: If these were not previously enabled, then you should also do the Credit Card History / Security Cleanup functions to remove any existing swipe and CVC data.
Credit Card Number Security settings
These options aren't strictly related to compliance, but they do increase the security to minimize the threat of your customers' credit card information getting in the wrong hands.
Three of these options allow you to configure how long the "Guarantee" information is kept. This refers to the entire card information, not just the swipe data and security code. For instance if you opt to remove guarantee information, then the entire card number, etc. is removed. Besides keeping operators from viewing it, this also means that it won't be accidentally used for later transactions by the customer (assuming this is enabled at all, see below).
Don't retrieve previous credit card information for new transactions and guarantee info -- We recommend keeping this enabled. If this is disabled, when guaranteeing or adding a payment or deposit to a reservation (or customer) it will check previous transactions or guarantees for credit card information. If a previous credit card is found, that card information will be filled in automatically (but can be re-entered using the "Re-do swipe" button). Also note that this retrieved data might not have the swipe data (according to the PCI settings above), in which case it would be more expensive to process the charge. This is another reason we recommend that you keep this enabled, so you're always forced to swipe the card again and will get the best processing rate.
Limit retrieval of previous card information to the current reservation's transactions -- If you allow previous card retrieval at all (by disabling the previous option), it's a good idea to limit it to the current reservation. Besides security reasons, this keeps you from accidentally charging to an old card from a previous stay.
Removing card information completely
There aren't specific options for automatically removing credit card numbers, etc. from processed transactions after a reservation is checked out. This is primarily because things would be made unduly difficult if you need to later add a charge or process a credit to the customer, or for instance if the customer asks which card they used. As long as you keep the option above enabled so it doesn't retrieve previous information, and set Access Level settings appropriate to keep non-administrator operators from seeing the full card numbers, then this should be sufficient security.
However we do recommend that you periodically purge old credit card information using the Credit Card History/Security Cleanup functions. This can be done as often as you like, so if you're extreme about security you may want to do the cleanup at the end of each day.