
ThinkReservations Security

Updated this week

Is my ThinkReservations account secure?

ThinkReservations goes above and beyond to ensure the safety and security of your account. We have taken steps to ensure that only authorized users can access your account, and we actively block suspicious actors who attempt to gain access.

Security is everyone's responsibility. You can take steps to help secure your own account, such as setting a strong password.

Here are some things you should do to secure your account:

  1. Set a secure password, and change it often. Consider using a password manager to help you manage your passwords. ThinkReservations requires users to change their passwords every 90 days.

  2. Use MFA (Multi-Factor Authentication) so that even if someone gets your password, they cannot log in. ThinkReservations requires each user to use MFA.

  3. The email address used to log in should be accessible only to the individual user. Shared role-based addresses, such as stay@, are not recommended.

  4. Each user should have their own user account. This also helps ensure accountability, as actions are recorded under the logged-in user.

  5. Do not share usernames and passwords. If you need to give temporary or limited access to an individual, create a user for them. You can set permissions so the user can only access what they need.

  6. Be cautious of phishing emails and messages. Always verify the source before clicking on links or downloading attachments. Carefully inspect the URL in the address bar.

  7. Audit your users and their permissions. Navigate to Settings > User Management and review the users who have access to your account.

    • Give users only the permissions they need to perform their job.

    • Delete users who no longer need access.
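The audit in step 7 can be scripted once you have a list of users and their permissions. The example below is added here and is not ThinkReservations code: the user records, role names, permission names and the 90-day "stale" threshold are all constructed for illustration. It flags the three conditions the checklist above describes: shared role-based mailboxes, accounts that no longer log in, and permissions beyond what a job needs.

```python
"""Audit a user list for the account-hygiene problems described above.

The data format, roles and permission names are constructed for this example
(they are not a ThinkReservations export) and should be adapted to whatever
your own user listing contains.
"""
from datetime import date, timedelta

# Local parts that indicate a shared mailbox rather than a person (assumed list).
ROLE_MAILBOXES = {"stay", "info", "frontdesk", "reservations", "admin",
                  "office", "sales", "support"}

# Baseline permissions each job actually needs (assumed for this example).
NEEDED = {
    "front_desk": {"reservations.view", "reservations.edit", "guests.view"},
    "housekeeping": {"reservations.view"},
    "owner": {"reservations.view", "reservations.edit", "guests.view",
              "settings.edit", "users.manage"},
}

# Constructed sample records; last_login is None for a user who has never logged in.
SAMPLE_USERS = [
    {"email": "alice@example.com", "role": "front_desk",
     "last_login": date(2024, 5, 28),
     "permissions": ["reservations.view", "reservations.edit", "guests.view"]},
    {"email": "stay@example.com", "role": "front_desk",
     "last_login": date(2024, 5, 30),
     "permissions": ["reservations.view", "reservations.edit", "guests.view",
                     "users.manage"]},
    {"email": "bob@example.com", "role": "housekeeping",
     "last_login": date(2024, 1, 15),
     "permissions": ["reservations.view"]},
    {"email": "carol@example.com", "role": "owner",
     "last_login": None,
     "permissions": ["reservations.view", "users.manage"]},
]


def audit_users(users, today, stale_after=timedelta(days=90)):
    """Return a list of (email, finding_code, detail) tuples.

    finding_code is one of 'role_mailbox', 'stale', 'excess_permissions'.
    """
    findings = []
    for user in users:
        email = user["email"]
        local_part = email.split("@", 1)[0].lower()

        # Checklist item 3: one person per login address, no shared mailboxes.
        if local_part in ROLE_MAILBOXES:
            findings.append((email, "role_mailbox",
                             "shared mailbox; assign a personal address"))

        # Checklist item 7: delete users who no longer need access.
        last = user.get("last_login")
        if last is None or today - last > stale_after:
            findings.append((email, "stale",
                             f"no login in {stale_after.days} days; consider deleting"))

        # Checklist item 7: only the permissions the job requires.
        extra = set(user["permissions"]) - NEEDED.get(user["role"], set())
        if extra:
            findings.append((email, "excess_permissions",
                             f"beyond role baseline: {sorted(extra)}"))
    return findings


if __name__ == "__main__":
    for email, code, detail in audit_users(SAMPLE_USERS, date(2024, 6, 1)):
        print(f"{email:24} {code:20} {detail}")
```

Run as-is, the script reports the shared stay@ mailbox twice (as a role mailbox and for its users.manage permission), bob as stale, and carol as never having logged in; alice produces no findings. Adjust ROLE_MAILBOXES and NEEDED to your own staffing before trusting the output.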

Is ThinkReservations PCI compliant?

PCI compliance and security are extremely important to us at ThinkReservations. ThinkReservations is PCI DSS v4.0 compliant, meaning we are fully compliant as verified by an external audit. A copy of our current AoC (Attestation of Compliance) is attached at the bottom of this article. ThinkReservations is responsible for the security of cardholder data that we store, process, or transmit on behalf of the customer.

It's also important to note that any lodging business that accepts credit cards must be PCI compliant. Your payment processor helps you with this: most processors partner with a PCI DSS compliance company to assist the property. The process is very technical, and many of our smaller customers have concerns about it, so it's important to work with your payment processor's compliance company. They are educated on this topic and equipped to walk you through the process, and going through it is how you ensure your business is compliant. Even though you don't store credit card information in the system, you still take credit card numbers over the phone and enter them into a computer, so PCI compliance still applies.

How safe is my data online?

ThinkReservations was built with redundancy in mind. Your data is stored in our database, which has an up-to-the-moment backup in a completely separate data center. We have systems in place to automatically "failover" to the backup copy if the original database server has any issues. Every night, the entire data set (including your data!) is backed up and stored with 99.999999999% durability. Even the backups are stored across multiple data centers to make sure they are always available. Suffice it to say, your data is very safe!

Is ThinkReservations ADA compliant?

Regarding ADA compliance, ThinkReservations has implemented various changes to the Booking Engine to achieve substantial conformance with accessibility guidelines. This includes ALT Tags for images and the ability to mark certain rooms as 'ADA accessible.' Does this mean that ThinkReservations is 100% compliant? Technically, it is impossible to be 100% compliant, as some standards are still not defined and have been interpreted differently by the courts. Instead, with these changes, we are achieving substantial conformance with the recommended guidelines. Continuing to improve and remain accessible is important to us. In that regard, we are working with a third-party assessor to conduct manual reviews of the Booking Engine to continue staying up to date with accessibility guidelines. Please note that the business still has the responsibility to take advantage of these features made available to them in ThinkReservations, such as setting appropriate alt text for images. Learn more about that here.

Is ThinkReservations GDPR compliant?

The General Data Protection Regulation (GDPR) is an EU law that changed how organizations handle the personal data of EU citizens. It went into effect on May 25, 2018. Although it was written for EU citizens, it can affect any organization that does business in the EU.

ThinkReservations has made the following changes to help ensure that we are in compliance with GDPR:

  • The checkbox for guests to agree to receive marketing materials is now unchecked by default in the Booking Engine. Guests must now click to select the checkbox to agree to receive marketing materials.

  • Reservations made through the OTAs will, by default, have the checkbox for agreeing to marketing emails be unchecked. You will need to confirm with these guests, upon their arrival at your property, whether they would like to receive marketing or promotional materials.

  • We have made your Privacy Policy editable. You can now define your Privacy Policy to ensure you are compliant with GDPR. To find the URL to your privacy policy or to modify it, please go to Settings > Business Settings.

  • Additionally, ThinkReservations has reviewed our policies on the guests' "right to be forgotten." If a guest requests to be forgotten, you can open the Customer profile and click the "Delete" button. When you do this, the customer data is permanently removed from our servers. Please note that any reservations for that guest will no longer be assigned to a customer.
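The "right to be forgotten" behaviour just described, where the customer record is erased but the guest's reservations survive with no customer attached, is a common way to honour erasure requests without destroying operational and financial records. The example below is added here to show that pattern and is not ThinkReservations' schema or code: the two tables, their columns and the sample rows are constructed for illustration, using SQLite so it runs without a server.

```python
"""Erase a customer profile while keeping its reservations as unassigned records.

Schema and data are constructed for this example; they are not the vendor's.
The key is ON DELETE SET NULL on the reservation's customer link: deleting the
customer row nulls the link instead of cascading into the reservations.
"""
import sqlite3

SCHEMA = """
CREATE TABLE customers (
    id    INTEGER PRIMARY KEY,
    name  TEXT NOT NULL,
    email TEXT NOT NULL
);
CREATE TABLE reservations (
    id          INTEGER PRIMARY KEY,
    customer_id INTEGER REFERENCES customers(id) ON DELETE SET NULL,
    arrival     TEXT NOT NULL,
    room        TEXT NOT NULL
);
"""


def open_db():
    """In-memory database with foreign-key actions enabled."""
    conn = sqlite3.connect(":memory:")
    # SQLite ignores ON DELETE actions unless this pragma is on for the connection;
    # it must be set while no transaction is open.
    conn.execute("PRAGMA foreign_keys = ON")
    conn.executescript(SCHEMA)
    return conn


def seed(conn):
    """Constructed sample data: one guest with two reservations."""
    conn.execute(
        "INSERT INTO customers (id, name, email) VALUES (1, 'Jane Guest', 'jane@example.com')"
    )
    conn.executemany(
        "INSERT INTO reservations (customer_id, arrival, room) VALUES (?, ?, ?)",
        [(1, "2024-07-01", "Garden Suite"), (1, "2024-09-12", "Loft")],
    )
    conn.commit()


def forget_customer(conn, customer_id):
    """Permanently delete the profile; returns the number of customer rows removed."""
    cur = conn.execute("DELETE FROM customers WHERE id = ?", (customer_id,))
    conn.commit()
    return cur.rowcount


def reservation_owners(conn):
    """customer_id of every reservation, in id order (None once the guest is forgotten)."""
    return [row[0] for row in conn.execute(
        "SELECT customer_id FROM reservations ORDER BY id")]


def customer_count(conn):
    return conn.execute("SELECT COUNT(*) FROM customers").fetchone()[0]


if __name__ == "__main__":
    db = open_db()
    seed(db)
    print("before:", reservation_owners(db), "customers:", customer_count(db))
    forget_customer(db, 1)
    print("after: ", reservation_owners(db), "customers:", customer_count(db))
```

Note that nulling the link only removes the profile row; any personal data copied into other tables (notes, invoices, e-mail logs) would need its own erasure step, and backups retain the data until they age out.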

How does ThinkReservations help protect against bot attacks?

A bot attack is the use of automated web requests to manipulate, defraud, or disrupt a website, application, API, or end users. ThinkReservations protects against bot attacks using a variety of techniques.

Our web forms (booking engine, gift certificate pipeline, etc.) use reCAPTCHA to distinguish between human activity and bot activity. reCAPTCHA uses an advanced risk analysis engine and adaptive challenges to keep malicious software from engaging in abusive activities on your website.
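reCAPTCHA only protects a form if the server verifies the token the widget produces; a bot can simply omit the widget. The example below is added here and is not ThinkReservations code. It uses Google's documented siteverify endpoint and response fields (success, hostname, error-codes, and score/action for v3), but the function name, the injectable transport used so the check can be exercised offline, the minimum-score threshold and the sample responses are all constructed for this example.

```python
"""Server-side verification of a reCAPTCHA token (added example, not vendor code).

The siteverify endpoint, request fields and response keys are Google's
documented API; everything else here is an assumption for illustration.
"""
import json
import urllib.parse
import urllib.request

SITEVERIFY_URL = "https://www.google.com/recaptcha/api/siteverify"


def _default_post(url, fields):
    """POST form fields and decode the JSON reply (real transport)."""
    data = urllib.parse.urlencode(fields).encode()
    with urllib.request.urlopen(url, data=data, timeout=5) as resp:
        return json.load(resp)


def verify_recaptcha(token, secret, expected_hostname, expected_action=None,
                     min_score=0.5, post=_default_post):
    """Return (ok, reason). Fails closed on any transport or validation error.

    token:             the g-recaptcha-response value submitted with the form
    secret:            the site's secret key; must never reach the browser
    expected_hostname: the host the form is served from, to reject tokens
                       minted for another site that uses the same site key
    expected_action:   for reCAPTCHA v3, the action the form was tagged with
    min_score:         for v3, minimum risk score to accept (assumed 0.5)
    post:              transport, replaceable for offline testing
    """
    if not token:
        return False, "missing token"
    try:
        result = post(SITEVERIFY_URL, {"secret": secret, "response": token})
    except Exception as exc:  # network failure, bad JSON, etc.: do not let the form through
        return False, f"siteverify unreachable: {exc}"

    if not result.get("success"):
        codes = ",".join(result.get("error-codes", [])) or "unknown"
        return False, f"siteverify rejected token: {codes}"
    if result.get("hostname") != expected_hostname:
        return False, f"token issued for another hostname: {result.get('hostname')}"
    if expected_action is not None and result.get("action") != expected_action:
        return False, f"unexpected action: {result.get('action')}"
    score = result.get("score")  # present for v3 only
    if score is not None and score < min_score:
        return False, f"score {score} below threshold {min_score}"
    return True, "ok"


# Constructed siteverify replies used to exercise the checks offline.
def _fake_post(reply):
    def post(url, fields):
        assert url == SITEVERIFY_URL and "secret" in fields and "response" in fields
        return reply
    return post


def _failing_post(url, fields):
    raise ConnectionError("constructed outage")


if __name__ == "__main__":
    good = {"success": True, "hostname": "book.example.com", "score": 0.9, "action": "booking"}
    print(verify_recaptcha("tok", "secret", "book.example.com", "booking", post=_fake_post(good)))
    print(verify_recaptcha("tok", "secret", "book.example.com", post=_failing_post))
```

Each token is single-use; resubmitting one yields the timeout-or-duplicate error code, which this check treats as a rejection. Keep the threshold and the hostname check even when the widget "looks" fine in the browser, since the client side is exactly what a bot controls.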

Additionally, the forms are protected by a WAF (web application firewall) that constantly monitors and blocks inappropriate traffic indicative of a bot attack.

Protecting the privacy of our customers and your guests is important to us. We are glad to make these changes to help ensure that your business and ours remain in compliance.

If you have any questions, please reach out to support!


ThinkReservations PCI DSS AoC document:
