The following security measures are to help you better protect yourself, your agency and your clients. These security measures are completely in the hands of the agency and its agents. Whenever there is an appropriate opportunity, please share this with your agents to strengthen their understanding. Good occasions include but are not limited to training, training documents, personal conversations, and email correspondence.

Operating System Security

At VAX VacationAccess, we value security and take great measures to secure the VAX platform from security threats and vulnerabilities. When any computer operating system or internet browser is declared unsupported, the risk of an attack increases and security patches and updates to prevent attacks are no longer provided. This increases the risk of PCs becoming infected with viruses and malicious malware.

Are you using Windows XP in combination with Internet Explorer 8? We would like to specifically call out that Microsoft is no longer providing support for Windows XP. If your computer uses the XP operating system, it is vulnerable to security risks and Microsoft recommends that all XP users upgrade their operating systems immediately. VAX VacationAccess will no longer be accessible as of December 7, 2016 if you are using Windows XP in combination with Internet Explorer 8. Take action now to ensure you are secure and have uninterrupted access to VAX. Learn More

Browser Security

Using unsupported operating systems and outdated browser combinations leave you vulnerable to brute force attacks that could leave you exposed to hackers stealing sensitive customer/agent data.

To reduce your risk, upgrade to the latest browser version.

WhatBrowser.org will tell you what browser you're using and if a newer version is available.

Chrome
Get the latest version of Chrome

Firefox
Get the latest version of Firefox

Safari
Get the latest version of Safari

Internet Explorer
Get the latest version of Internet Explorer

Agency Account Security

Site Managers are responsible for agency accounts and all account activity.

It is critical that Agency Site Managers actively manage agent access in the Manage Users section of VAX Member Services. If at any time an agent leaves or is terminated, it is mandatory that their access be removed.

The Site Manager is provided the ability to reset passwords, lock and remove specific accounts to accommodate agent activity such as leaving the agency or taking a leave of absence. Leaving an account open when the employee is no longer with the company leaves the agency at great risk for fraudulent bookings. This is an even higher risk when a Site Manager leaves an agency.

Note: An agency can have more than one Site Manager but it is advisable to keep this to a minimum.

In addition, it is essential that VAX users never share password information with anyone. This must be effectively communicated across your agency and very much stressed. Agents that share password information create great liability and potential loss of funds to the agency.

Credit Card Security

All companies that process, store, or transmit credit card information are required to ensure cardholder data is secure and handled according to PCI standards. The Payment Card Industry (PCI) Data Security Standard is a set of requirements designed to ensure the security of cardholder data.

PCI affects anyone who has access to credit card data or systems processing credit card data.

You are responsible for ensuring your agency is fully trained, knowledgeable and compliant with PCI requirements. For more information visit the PCI Security Standards Council's website: www.pcisecuritystandards.org/merchants

All personally identifiable information associated with the cardholder that is stored, processed, or transmitted in any way is considered cardholder data. Cardholder data includes personal information (ex: name, address, phone number, birthdate, social security number) and credit card information (ex: account number, credit card validation code, expiration date, magnetic stripe data).

Guidelines for protecting cardholder data

  • Credit card information should be provided on need-to-know basis only
  • Do not keep any written record of cardholder data
  • Do not email or text credit card or personal information
  • Do not take screenshots or print website pages when cardholder data is visible
  • Do not copy credit card information to other programs or locations
 

VAX VacationAccess it not liable for the result of any technology decisions made based on the above information. Agents are responsible for performing their own due diligence and should speak with their manager or IT personnel to determine if upgrading browsers is right for their business.