PCI DSS Changes as of Oct 1, 2008

Deposit Policy

We require a deposit equal to the first night's lodging plus applicable taxes for all reservations. The deposit is payable upon booking. We no longer accept credit card guarantees for reservations. All cancellations are subject to a US$30 transaction fee. The deposit is subject to forfeiture for "no shows" and cancellations received later than 72 hours prior to check-in time (3 p.m.) on the scheduled arrival date.

Please note that we do not retain credit data on site. On-line credit card transactions are handled by a secure credit-card processing site (AUTHORIZE.NET), that guarantees full compliance with current credit card security standards.

These credit card security standards were recently revised by the major credit card issuers (Visa, MasterCard, Discover, American Express and others) to improve protection for credit card users. The revisions have a direct impact on the way your personal data is secured and how hotel bookings are guaranteed.

Called the PCI DSS (Payment Card Industry Data Security Standard), these guidelines were developed in 2006 to help organizations that process card payments reduce credit card fraud, hacking and various other security vulnerabilities. Compliance with the standard became mandatory December 31, 2008.

Among other things the standard calls for frequent security audits and other measures that are prohibitively expensive for small merchants, so credit card processing is often outsourced to third-party processors who can guarantee complete security. Thus, the Roosevelt Inn no longer processes on-line payments in house.

The Roosevelt Inn does not receive credit card information that you provide on-line. As a practical matter this means:

Your personal information is secure.
Since we can no longer offer credit card "guarantees" to hold rooms we must now require the deposit.

You may have already noticed the effects of the PCI DSS elsewhere. For instance, when you use your credit card at many retailers, there is a terminal where you swipe your own card directly. This prevents the clerk from knowing any details about your credit card.

For businesses in the travel industry this new standard presents special problems. The old method of holding your credit card information is a security risk which is not in compliance with PCI DSS. For instance, a clerk might have access not only to your credit card data -- including the CCV code -- but also your home address and phone number. The new system reduces the risk that this information will be seen by unscrupulous store clerks.

Although we all can applaud this improved security, it comes at the cost of less convenience. Notably, this means that if you wish to change or cancel a reservation you must do so in the same manner as the reservation was made. For instance, if you make a reservation on line and you wish to change or cancel it, you must do so on-line also -- you cannot do it by phone because the phone operator does not have access to your personal data.

Finally because credit card transactions are held for only 120 days, we cannot facilitate any refunds for rooms held longer than 120 days. Please bear this in mind when booking.