FAQ - PMS Safety & Security
Security in the hospitality industry is more than a best practice — it’s a vital guardrail for your guests, your staff, and your property’s operations. At Visual Matrix PMS, we build in robust safeguards to protect your system, but the strongest defence arises when you pair those tools with consistent on-property practices. As our Security Overview puts it:
“Security is at the core of everything we do at Visual Matrix. From protecting guest data to preventing fraud, keeping your PMS secure requires a partnership between our technology safeguards and your property’s daily practices.”
“Hospitality systems are prime targets because they store valuable information and process financial transactions daily.”
To learn more about why security matters and how Visual Matrix approaches it, you can also review the article Visual Matrix Security Overview.
This FAQ is designed to give you clear, actionable answers that align with those principles — helping you configure the system, train staff, and maintain a secure environment for your operations.
What does Visual Matrix do to help keep my PMS secure?
Visual Matrix provides multiple built-in safeguards—including MFA, IP-based login restrictions, supervisor-level permissions, and secure payment interfaces—to help protect your property’s data. These tools work best when combined with strong daily practices at the property.
What everyday best practices should staff follow?
Use individual accounts, strong passwords, avoid public Wi-Fi, stay alert for phishing attempts, and never enter credit-card numbers in free-text fields.
Does Visual Matrix support Multi-Factor Authentication (MFA)?
Yes. MFA is fully available for PMS login. Each user must have a valid email on file, and your property can request MFA activation through Visual Matrix Support.
Can we restrict where the PMS is accessed from?
Yes. Visual Matrix supports IP-based login restrictions, and this feature is automatically enabled when your property goes live. By default, the PMS will only allow logins from approved IP addresses—typically your property’s network—helping prevent unauthorized access from unknown or unsafe locations.
You can view or update your approved IP list under Management → User Settings → Security → Manage IP Security, but we recommend making changes only when necessary and ensuring that any new IP addresses belong to secure, trusted networks.
How does Visual Matrix help prevent unauthorized refunds?
Several safeguards are available:
- Configure all refund posting codes as Supervisor Only
- Set a 2nd Code for Refunds Over $ Amount (requires supervisor approval)
- Limit supervisor access to essential staff only
Can the PMS restrict refunds to the exact card originally charged?
Not yet. However, Visual Matrix strongly recommends working with your credit-card processor (e.g., Shift4) to disable independent refunds, which prevents issuing refunds to cards that were never charged at the property.
Can we restrict refunds to managers only?
Yes. Set all refund posting codes to Supervisor Only and ensure only managers have Supervisor roles.
Can we completely disable refunds in Visual Matrix?
Yes. You can:
- Set the property-wide refund limit to $1, or
- Make all refund codes Supervisor Only
This prevents users from issuing refunds unless specifically authorized.
Can individual refund limits be set per user?
Not currently. However, you can set a system-level threshold using 2nd Code for Refunds Over $ Amount, which requires supervisor approval for refunds above a set amount.
What should we do if we suspect unauthorized access?
Contact local IT immediately, review the Security Log Report, check for compromised accounts or stored passwords, and file a police report if required.
Where should credit-card information be entered?
Only in secure, tokenized payment fields. Do not enter card data in Comments, Notes, Guest Messages, or Custom Fields.
How often should we review user accounts and permissions?
At least monthly—and immediately after staffing changes. Disable inactive accounts and restrict supervisor access to essential staff only.
What should we do if sensitive card data is found in a non-secure field?
Remove it immediately, review staff training, and consult your processor if needed for PCI guidance.
What training should hotel staff receive to stay secure?
Staff should know how to recognize phishing attempts, protect passwords, avoid suspicious links, and follow card-handling rules.
How does Visual Matrix Support ensure safe interactions?
Support uses formal tickets, official remote-access tools (Zoho Assist), and will never ask for passwords or card numbers. If unsure, call the official support number.
What is the shared responsibility between Visual Matrix and the property?
Visual Matrix provides a secure system and technical safeguards. The property is responsible for managing users, applying permissions, enforcing refund controls, training staff, and maintaining secure local devices and networks.
Related Articles
**Glossary and Common Acronyms (Index) - Visual Matrix PMS
1-10 A B C D E F G H I K L M N O P R S T U V W X Y Z 1-10 1099 The 1099 form is used to report to the US government income earned by travel agents as commissions, and income earned by owners of hotel condo units after any deductions but before any ...FAQ - Front Office / Reservations
Why does the estimated total show $0 when creating a single reservation under a group name, whereas guests want to pay individually? This occurs when the group master reservation's Guarantee Type is set to Room and Tax or All Charges. To resolve ...FAQ - VM Desktop PMS
Secondary Backup Failed: What Does This Mean? The "Secondary Backup Failed" message means that the secondary drive has not been detected. Visual Matrix performs two backups every night—one before the audit and one after. To resolve this, ensure that ...Visual Matrix Security Overview
Security is at the core of everything we do at Visual Matrix. From protecting guest data to preventing fraud, keeping your PMS secure requires a partnership between our technology safeguards and your property’s daily practices. Every hotel faces the ...FAQ - Sales and Marketing
Can we assign multiple rates to a company profile based on room type? While you can apply an override rate or discount code, or set up monthly or weekly rates for a company profile, the system does not allow assigning rates to specific room types. ...