Treat your customers' card data as you would want others to treat yours.
An unstoppable freight-train is about to plow through your building (if it hasn't, already) and the residual damage is up to you! PCI (Payment Card Industry) and CISP (Cardholder Information Security Program) compliance has directly affected small and large merchants as the train makes its way through the business community. The order is according to assessed risk, and the consequences of non-compliance are severe (not to mention the "it's the right thing to do" factor).
If you have a merchant account, protecting your customers' credit card data has always been your obligation, but you probably never had to prove it. If you've ever personally had a payment card compromised, you wish everyone were compliant to give your card number a fighting chance to remain private. It's also alarming to realize that credit card fraud funds terrorism around the world (psst: because so far, it's been a cakewalk for the terrorist folks.).
Particularly in the rental unit business (the nature of a reservation is detailed information), personal data storage is a critical issue. The credit card information portion of that data is so hot, you do not even want to store it if it is at all humanly possible to avoid that scenario.
Alas, you may think compliancy only has to do with your software. Get ready to re-think that idea, because there are a slew of other considerations such as who is looking over the shoulders of your personnel when they are handling sensitive data.
Interesting, applicable links to help you sort through the conundrum:
Read an excellent, logical industry white paper (it doesn't have any acronyms in it). And, your business would benefit if you and each employee in your organization were required to read Credit Cards 101.
Posted by Eddie and Tina Nelson