With Build 193, Digital Rez is providing a much stronger encryption system to ensure proper storage of your customers’ credit card data, as stated in the latest requirements for Payment Card Industry (PCI) compliance. The improvements below are provided in this critical update.
- 1. Public / Private Key Security: This update provides the resort with a ‘Private Key’, a large string of characters that RSA encryption uses when encrypting and decrypting data. All credit card numbers and expiry dates are encrypted according to the accredited ‘RSA & SHA Encryption’ standard.
Special Note: Loss of this Private Key file will result in the loss of any credit card data stored in the database.
Keep it stored safely, off the computer, preferably offsite in a secure place. Because digital files can be lost or corrupted, management may want to write the encryption password/key onto a piece of paper and have it stored safely away. Your credit card files are now stored within the system’s SQL Server database records at a 1024-bit level of encryption. This exceeds current PCI requirements.
- 2. Employee Passwords: Your employees’ passwords have been encrypted, and we have no back-door capability to retrieve this login information via a support call. This also ensures that the system adheres to PCI compliance standards.
- 3. Data Conversion: Once completed, this update applies all of the encryption required to secure all of your records. Be aware that database backups made prior to this update will no longer restore properly, so ensure that all backups have been made and checked before proceeding with your update. We can only help clients recover if proper backups are available. After your update has completed successfully, be sure to make a new backup.
- 4. Credit Card Removal Tool: This update provides improvements to the Credit Card Deletion Tool. The tool is ‘Off’ by default, as we cannot dictate its usage. The Credit Card Deletion Policy Setup interface lets you set how long this information is retained before removal.
- 5. Terminal Usage Timeout: To comply with new security requirements, the system checks for terminal activity. If the terminal remains totally inactive for 15 minutes, the employee will be logged off and will be required to log back in to continue using the program. Login passwords must NEVER be shared.
- 6. Inactive Employee Password Renewal: If an employee has not logged into the program for 30 consecutive days, their password will expire and must be renewed through Employee Setup by a manager.
- 7. RezRobot Version 3.0: Your RezRobot Online Booking Engine is now PCI compliant with the same security requirements that have been implemented for your front desk software. Some of the new features are outlined here.
- Secure RezExpert Oracle 11g database back end.
- PCI-compliant method of data transfer using an XML exchange.
- Public / Private Key Security.
- Credit Card Tokenization through JetPay MS.
- Non-person Occupant Type handling.
- Rate quoting has been improved, and exact rates are now quoted for the entire length of stay selected.
- Vehicle Info improvements.
- Total Charges improved with a Tax breakdown added.