Is my ThinkReservations account secure?
ThinkReservations goes above and beyond to ensure the safety and security of your account. We have taken steps to ensure that only authorized users can access your account and actively block suspicious bad actors from attempting to gain access.
Security is everyone's responsibility. You can take steps to help secure your own account, such as setting a strong password.
Here are some things you should do to secure your account:
Set a secure password, and change it often. Consider a password manager to help you keep track of your passwords. ThinkReservations requires users to change their password every 90 days.
Use MFA (Multi-Factor Authentication) so that even if someone gets your password, they cannot log in. ThinkReservations requires each user to use MFA.
The email address used to log in should only be accessible by the individual user. Role-based emails such as stay@ are not recommended.
Each user should have their own account. This also helps ensure accountability as actions are recorded based on the logged-in user.
Do not share usernames and passwords. If you have an individual you need to give temporary or limited access to, create a user for them. You can set permissions so the user can only access what they need.
Be cautious of phishing emails and messages. Always verify the source before clicking on links or downloading attachments. Carefully inspect the URL in the address bar.
Audit your users and their permissions. Navigate to Settings > User Management and review the users that have access to your account.
Give users only the permissions they need to perform their function.
Delete users that don't need access any longer.
Is ThinkReservations PCI compliant?
PCI Compliance and security are extremely important to us at ThinkReservations. ThinkReservations is PCI v3.2.1 compliant, which means we are fully compliant through an external audit. A copy of our current AoC (Attestation of Compliance) is attached to the bottom of this article. ThinkReservations is responsible for the security of cardholder data that we store, process, or transmit on behalf of the customer.
It's also important to note that any lodging business that handles credit cards also has to be PCI compliant. PCI compliance is something that your payment processor helps you with. Most companies partner with a PCI DSS compliance company to assist the property. It is very technical, and a lot of our smaller customers experience some concerns, so it's important to work with your payment processor compliance company. They are educated on this topic and equipped to walk you through the process. It's important to go through the PCI compliance process to ensure your business is compliant. Even though you don't store credit card information in the system, you still take credit card numbers over the phone and type them into a computer - so PCI compliance comes into play.
How safe is my data online?
ThinkReservations was built with redundancy in mind. Your data is stored on our database, which has an up-to-the-moment backup copy that exists in a completely different data center. We have systems in place to automatically "failover" to the backup copy if the original database server has any issue. Every night, the entire data set (including your data!) is backed up and stored with 99.999999999% durability. Even the backups are stored across multiple data centers to make sure they are always available. Suffice to say, your data is very safe!
Is ThinkReservations ADA compliant?
Regarding ADA compliance, ThinkReservations has implemented various changes to the Booking Engine to achieve substantial conformance with accessibility guidelines. This includes ALT Tags for images and the ability to mark certain rooms as 'ADA accessible.' Does this mean that ThinkReservations is 100% compliant? Technically, it is impossible to be 100% compliant as some of the standards are still not defined and have proven in court to be interpreted differently. Instead, with these changes, we are achieving substantial conformance with the recommended guidelines. Continuing to improve and remain accessible is important to us. With that regard, we are working with a third-party assessor to perform manual reviews of the Booking Engine to continue staying up to date with the accessibility guidelines. Please note that the business still has the responsibility to take advantage of these features made available to them in ThinkReservations, such as setting appropriate alt text for images. Reach more about that here.
Is ThinkReservations GDPR compliant?
The General Data Protection Regulation (GDPR) is an EU law that will change how organizations deal with the personal data of EU citizens. It went into effect on May 25, 2018. While it was built for EU citizens, it can affect any organization that does business in the EU.
ThinkReservations has made the following changes to help ensure that we are in compliance with GDPR:
The checkbox where guests agree to be sent marketing materials is now by default unchecked in the Booking Engine. Guests must now click to select the checkbox to agree to receive marketing materials.
Reservations made through the OTAs will, by default, have the checkbox for agreeing to marketing emails be unchecked. You will have to confirm with these guests when they arrive at your property whether they would like to receive marketing or promotional materials.
We have made your Privacy Policy editable. You can now define your Privacy Policy to ensure you are compliant with GDPR. To find the URL to your privacy policy or to modify it, please go to Settings -> Business Settings.
Additionally, ThinkReservations has reviewed our policies on the guests' "right to be forgotten." If a guest requests to be forgotten, you can open the Customer profile and click the "Delete" button. When you do this, the customer data is permanently removed from our servers. Please know that the reservations for that guest will continue to exist without a customer associated.
How does ThinkReservations help protect against bot attacks?
A bot attack is the use of automatic web requests to manipulate, defraud, or disrupt a website, application, API, or end-users. ThinkReservations protects against bot attacks using a variety of techniques.
Our web forms (booking engine, gift certificate pipeline, etc) use reCAPTCHA to distinguish between human activity and bot activity. reCAPTCHA uses an advanced risk analysis engine and adaptive challenges to keep malicious software from engaging in abusive activities on your website.
Additionally, the forms are fronted by a WAF (web application firewall that is constantly monitoring and blocking inappropriate traffic that represents a bot attack.
Protecting the privacy of our customers and your guests is important to us. We are glad to make these changes to help ensure your business and our business stays in compliance.
If you have any questions, please reach out to support!
ThinkReservations PCI DSS AoC document: