Enhanced PMS Safeguards
Beyond daily best practices, Visual Matrix includes powerful security features that managers can configure to protect their property from fraud and unauthorized access. Enabling and monitoring these safeguards creates multiple layers of defense against common attacks.
Multi-Factor Authentication (MFA)
Multi-Factor Authentication adds a second verification step beyond the password.
- To activate MFA, each user must have a valid email address entered under Management → User Settings → Security.
- Once entered, Visual Matrix Support can enable MFA for the property.
- After activation, users will receive an authentication email during login, making stolen passwords much less effective.
Supervisor Permissions & Refund Thresholds
Fraudulent refunds are a frequent target in social engineering and credential theft attacks.
- Under Management → Property Settings → Parameters, set a “2nd Code for Refunds over $ Amount.”
- Only supervisors (or users with supervisor approval) can process refunds above the set threshold.
- Limit supervisor permissions to essential staff only. Too many supervisors greatly increase risk.
Payment Processor Protections
Some vulnerabilities can be closed by working with your payment processor.
- Ask your processor (for example, Shift4) to disable Independent Refunds.
- This setting blocks refunds to credit cards that were never used for payment at your property.
- Blocking independent refunds is one of the simplest and most effective fraud prevention steps.
Protect Cardholder Data Entry
Credit card numbers or cardholder details must only be entered in the secure, designated payment fields that tokenize card data.
- Do not place card data in free-text or non-payment fields such as Comments, Notes, folio memos, guest messages, or custom fields.
- Tokenized payment fields are the only approved and PCI-compliant location for card entry.
- Entering card data in other fields violates PCI standards, increases the risk of exposure, and may create compliance issues.
- If card details are found in a non-payment field, they should be redacted immediately and reported to management following your property’s incident response procedures.
Remote Access & IP Controls
Unauthorized remote access is a leading cause of breaches.
- Review IP restrictions under Management → User Settings → Security → Manage IP Security.
- Limit remote access to the property’s IP address or approved static corporate IPs.
- Avoid enabling “anywhere” access unless it is business-critical for specific staff.
User Account Reviews
Regular account management is essential.
- Audit user accounts periodically and remove any inactive or unknown users.
- Confirm each account’s role and downgrade any unnecessary supervisor access.
- Ensure that every account is tied to a real, current employee.
These safeguards go beyond everyday best practices and use Visual Matrix’s built-in features to block attackers before they can cause damage. Configuring MFA, refund thresholds, processor settings, and IP controls — and reviewing accounts regularly — are some of the most effective steps you can take to protect your hotel.
Still need help with this topic?
Ask Yourself:
- Have I entered valid email addresses for all users so MFA can be enabled?
- What is our current refund threshold, and does it make sense for our property?
- Do too many users have supervisor permissions?
- Have I confirmed with our processor that Independent Refunds are disabled?
- Do I regularly check and update the Manage IP Security settings?
- When was the last time I removed unused or inactive accounts?
Support May Ask You:
- Have MFA email addresses been added to all user profiles?
- What is your configured refund threshold (amount)?
- Which users currently have supervisor permissions?
- Has your processor confirmed whether Independent Refunds are disabled?
- Which IP addresses are listed in your Manage IP Security settings?
- Can you provide a list of accounts you believe may be inactive or unnecessary?
Related Article(s)
Related Articles
FAQ - PMS Safety & Security
Security in the hospitality industry is more than a best practice — it’s a vital guardrail for your guests, your staff, and your property’s operations. At Visual Matrix PMS, we build in robust safeguards to protect your system, but the strongest ...Visual Matrix Security Overview
Security is at the core of everything we do at Visual Matrix. From protecting guest data to preventing fraud, keeping your PMS secure requires a partnership between our technology safeguards and your property’s daily practices. Every hotel faces the ...**Glossary and Common Acronyms (Index) - Visual Matrix PMS
1-10 A B C D E F G H I K L M N O P R S T U V W X Y Z 1-10 1099 The 1099 form is used to report to the US government income earned by travel agents as commissions, and income earned by owners of hotel condo units after any deductions but before any ...How Visual Matrix PMS Calculates Taxes
Visual Matrix Cloud PMS calculates taxes on a per-day, per-tax basis to ensure accuracy, compliance, and consistency across every folio. Each tax rate is applied individually to the room charge, rounded, and then added to the total. This method ...Visual Matrix Security Collection
Security is a shared responsibility. Visual Matrix provides the tools and safeguards you need to protect your PMS, but every property must also take active steps to reduce risks from fraud, phishing, and unauthorized access. This collection brings ...