In order to enhance security of our customers’ credit card information, and as outlined in previous announcements, PCI Booking has implemented changes to the CVV Retention Policy. 

The new CVV Retention Policy covers two major components:

While previous CVV Retention Policies have allowed indefinite storage, CVV values may now be stored for a limited time (up to 48 months), with the default storage period set to one month. This CVV storage period can be adjusted by users, either by updating the booker wide settings or manually through one of the API requests. When this new policy comes into effect, CVV data will be deleted from card tokens that exceed the period set for storage of CVV data. The previous CVV Retention Policy, which allowed for unlimited number of relays of the card details (including the CVV), has now been replaced with Card Relay Whitelist, a structure which will allow customers to set the destinations that the card details, with the CVV, can be relayed to. We will begin enforcing the CVV retention policy on April 16th, 2018. In order to learn more, please view our CVV Retention Policy guide for details, explanations of these new changes and the available methods for setting the CVV retention policy. If you have any questions, please do not hesitate to contact our support team. Thank you.

• * The duration that CVV data can be stored for before automatic deletion.
• * Where the CVV data may be sent to and the frequency of such relays.