The Payment Card Industry Data Security Standard (PCI DSS) applies to companies of any size that accept credit card payments.

To store, process and transmit cardholder data, you need to host that data securely with a PCI compliant hosting provider (this will be your payment gateway integration with Stripe or Braintree).
​

Most properties that need to store credit card data will use a third party credit card vault and tokenisation provider (Braintree or Stripe). By using a vault, the card data is removed from your possession and you are given back a "token" that can be used for billing. By using a payment gateway integration, you move the risk of storing card data to someone who specialises in doing that, and that have all of the security controls in place to keep the card data safe.
​

Being PCI DSS compliant demonstrates that your customers' private information is protected and secure. Your customers won't have to worry about the security of their data, and you won't have to worry about a security breach.
​

Storing a guest's credit card information in the booking notes, guest notes, or even writing them down on the guest's registration card/booking confirmation is NOT a safe way to store sensitive information. This opens up the guest's card information to being stolen and/or defrauded.
​

Braintree's PCI compliance FAQ

Stripe's PCI DSS guidelines

Preno's integration with Payment Gateways (Braintree and Stripe) ensures you can securely store credit cards and bill your guest from within Preno.