Restricting Access to the Credit Card Vault



Overview

Rental Car Manager has completed our Payment Card Industry (PCI) compliance for Visa and MasterCard. A small part of this was the implementation of the Credit Card Vault, which we are sure you are now familiar with. This PCI certification means that you, as a merchant, are able to fulfil your own PCI requirements in a very cost-effective and timely manner.

Part of these requirements is ensuring that Rental Car Operators who are viewing credit card details are authenticated correctly when logging into RCM. This requires that you are accessing RCM from a known location, which is checked during the login process. Alternatively, if you are travelling regularly and need access to credit card details, you will need to use our two factor authentication service.

There are two levels of access to credit card information:

The first level allows people to add credit cards to the vault. People who only require this access do NOT need to have their location checked. All Rental Car Operators have this ability by default.

The second level of access is the ability to view and remove credit card information. People who require this access will need to be properly authenticated when logging into the system.

The authentication process for enabling access to the credit cards can be done in one of two ways. The first is by ensuring you are logging into RCM from a known location; this requires a static IP address that has been set up in the system. If you are unable to obtain a static IP address, you can log into RCM using Two Factor Authentication. Both of these options are discussed in the following two sections.


Note that a user will still only be able to view credit card information if their RCM user has the option “User can access customer credit card details” set to “Yes”.





Static IP Addresses

Logging in using a static IP address allows RCM to verify that the user is accessing the system from a location that has been deemed to be valid and authorised.

This check stops people accessing the credit card information even if they are logging in with a valid username/password unless they are coming from a specific location.

You can find out what IP you are currently using by visiting the site http://whatismyipaddress.com/, or navigating to Google and typing in “what is my ip”.

If you require a static IP address, you will need to contact your ISP and obtain a ‘static IP’ address for the location(s) that you regularly access RCM from.

To be able to specify/authorise static IP addresses, you need to have Company Administrator access.


You can specify and authorise an IP address for a location in System Setup > User Maintenance, on the "Approved Countries or IP Addresses" tab.
If you cannot see this tab, you do not have Company Administrator access.

Existing authorised IPs will appear in the list. You can add any additional entries as required.



An IP address can also be authorised at the user level. This is done in System Setup > User Maintenance, on the Permissions tab for an individual user.
This will restrict user access to the specific IP address.



For more information on User settings please see the User Management article. 


The IP address can also be specified at the Location level through System Setup > Locations.



This is a good option if you just have the one IP for each location, as it allows you to make any changes that might occur if the IP address changes for any reason.

Please note that to be able to add an IP address to either a location or a user within RCM, the person making the changes needs to be logged in using an IP address that has already been set up.

Once you have set up the IP address at either the Location or User level, the card details can be viewed if the operator has connected to RCM from the known IP address of one of your Locations stored in RCM. Alternatively, if the IP address has been set at the user level, that user will have access to view the credit card details when they connect to RCM from the IP address assigned to them.


Two Factor Authentication

If users require access to view the credit card information and they are unable to obtain a static IP address, then they will need to use Two Factor Authentication.

There are several reasons you may be unable to obtain a static IP address.

The two major ones are either:

Your ISP is unable to provide a static IP for your office location, or
You are accessing RCM from a mobile device which cannot use a static IP address.

If your ISP is unable to provide a static IP for your office location, all of the users at that location who require access to view credit card information will have to use the Two Factor Authentication method.

If you are accessing RCM from a mobile device and require access to view credit card information then you will need to use the Two Factor Authentication method.

Rental Car Manager provides a two-factor authentication service. Just like your bank's token authentication, the RCM authentication solution enhances the security of your RCM account by using your mobile phone to verify your identity.
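
The access rules described in this article can be summarised as a small decision model. This is an added illustration, not Rental Car Manager's own code: the class and field names are hypothetical, the sample IP addresses are constructed, and it assumes an IP address counts as "known" if it matches an entry set up at the company, Location or user level (approved countries are not modelled).

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class User:
    name: str
    can_access_card_details: bool = False   # "User can access customer credit card details"
    assigned_ips: set = field(default_factory=set)    # IPs authorised at the user level

@dataclass
class Policy:
    company_ips: set = field(default_factory=set)     # company-wide approved IPs
    location_ips: dict = field(default_factory=dict)  # location name -> set of IPs

    def is_known_ip(self, user, source_ip):
        """True if source_ip matches an IP set up at any level (assumed semantics)."""
        try:
            ip = ipaddress.ip_address(source_ip)
        except ValueError:
            return False                 # an unparseable address is never "known"
        known = set(self.company_ips) | set(user.assigned_ips)
        for ips in self.location_ips.values():
            known |= set(ips)
        return any(ip == ipaddress.ip_address(k) for k in known)

    def decide(self, user, action, source_ip, two_factor_ok=False):
        """Return (allowed, reason) for 'add', 'view' or 'remove'."""
        if action == "add":
            return True, "adding a card needs no location check"
        if action not in ("view", "remove"):
            return False, "unknown action"
        if not user.can_access_card_details:
            return False, "user option is not set to Yes"
        if self.is_known_ip(user, source_ip):
            return True, "login from a known IP address"
        if two_factor_ok:
            return True, "login with two-factor authentication"
        return False, "unknown location and no two-factor login"

# Constructed sample data (documentation address ranges, not real RCM values).
POLICY = Policy(location_ips={"Airport": {"203.0.113.10"}})
OFFICE_USER = User("office", can_access_card_details=True)
MOBILE_USER = User("mobile", can_access_card_details=True, assigned_ips={"198.51.100.7"})
COUNTER_USER = User("counter")   # option left at "No"

if __name__ == "__main__":
    print(POLICY.decide(OFFICE_USER, "view", "203.0.113.10"))        # known location
    print(POLICY.decide(OFFICE_USER, "view", "192.0.2.55"))          # denied
    print(POLICY.decide(OFFICE_USER, "remove", "192.0.2.55", True))  # two-factor
```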

Please refer to the following Knowledge Base article for more information about the Rental Car Manager two-factor authentication. 

