Rental Car Manager has completed our Payment Card Industry (PCI) compliance for Visa and MasterCard. A small part of this was the implementation of the Credit Card vault which we are sure you are now familiar with. This PCI certification means that you as a merchant are able to fulfil your own PCI requirements in a very cost effective and timely manner.

Part of these requirements is ensuring that Rental Car Operators who are viewing credit card details are authenticated correctly when logging into RCM. This requires that you are accessing RCM from a known location, which is checked during the login process. Alternatively if you are travelling regularly and need access to credit card details you will need to use our two factor authentication service.

There are two levels of access to credit card information:

The first level allows people to add credit cards to the vault people who only require this access do NOT need to have their location checked. All Rental Car Operators have this ability by default.

The second level of access is the ability to view and remove credit card information, people who require this access will need to be properly authenticated when logging into the system.

The authentication process for enabling access to the credit cards can be done in one of two ways. The first is by ensuring you are logging into RCM from a known location, this requires a static IP address that has been setup in the system. If you are unable to obtain a static IP address, you can log into RCM using Two Factor Authentication. Both of these options are discussed in the following two sections.

Note that a user will still only have access to view credit card information if within RCM their user has had the option “User can access customer credit card details” set to “Yes”.

Logging in using a static IP address allows RCM to verify that the user is accessing the system from a location that has been deemed to be valid and authorised.

This check stops people accessing the credit card information even if they are logging in with a valid username/password unless they are coming from a specific location.

You can find out what IP you are currently using by visiting the site http://whatismyipaddress.com/, or navigating to Google and typing in “what is my ip”.

You can specify and authorise an IP address for a location in System Setup> User Maintenance - 'Approved Countries or IP Addresses" tab. 

 If you cannot see this tab, you do not have Company Administrator access.

Existing  authorised IPs  will appear in the list.   You can add any additional entries as required. 

An IP address can also be authorised at the user level.  This is done in the System Setup>User Maintenance  Permissions tab for an individual user. 

This will restrict user access to the specific IP address. 

For more information on User settings please see the User Management article. 

The IP address can also be specified at the Location level through System Setup>Locations

This is a good option if you just have the one IP for each location, as it allows you to make any changes that might occur if the IP address changes for any reason.

Please note  that to be able to add an IP address to either a location or a user within RCM, the person making the changes needs to be logged in using an IP address that has already been setup.

Once you have setup the IP address at either the Location or User level the card details will be able to be viewed if the operator has connected to RCM from the known IP address of one of your Locations stored in RCM. OR if the IP address has been set at the user level, when that user connects to RCM from the IP address assigned to them they will have access to view the credit card details.

If users require access to view the credit card information and they are unable to obtain a static IP address then they will need to use the Two Factor Authentication.

There are several reasons you may be unable to obtain a static IP address.

The two major ones are either:

Your ISP is unable to provide a static IP for your office location, or

You are accessing RCM from a mobile device which cannot use a static IP address.

If your ISP is unable to provide a static IP for your office location, all of the users at that location who require access to view credit card information will have to use the Two Factor Authentication method.

If you are accessing RCM from a mobile device and require access to view credit card information then you will need to use the Two Factor Authentication method.

Rental Car Manager provides a two-factor authentication service.  Just like your banks token authentication, the RCM authentication solution enhances the security of your RCM account by using your mobile phone to verify your identity.

Please refer to the following Knowledge Base article for more information about the Rental Car Manager two-factor authentication.