Help Center
Category Icon
Files Dashboard
Category Icon
All Itineraries
Category Icon
Calendar Builder Itineraries
Category Icon
Guest Portals
Category Icon
Content Library
Category Icon
Task Manager
Category Icon
Invoicing & Financials
Category Icon
Integrations
Category Icon
General
Category Icon
Webinars
2025 Webinars
2023 Webinars
2022 Webinars
Credit card authorization security & PCI compliance
Learn how Safari Portal securely collects, stores, and protects credit card information, including PCI compliance, tokenization, encryption, and your agency's responsibilities.

Safari Portal's Credit Card Authorization feature is designed to securely collect and store client payment details while minimizing your PCI compliance burden. Below are answers to some of the most common questions about how card data is handled.


Where is card data stored?

When a client enters their credit card details into a Safari Portal form, the information is never stored in Safari Portal's database.

Instead, card details are securely captured and stored by PCI Vault (pcivault.io), a PCI DSS Level 1 certified provider specializing in secure card tokenization and encrypted payment data storage.

Safari Portal stores only:

  • A secure token referencing the card
  • Cardholder name
  • Card expiry date
  • Last four digits of the card number

The full card number is never written to Safari Portal's database.

Is the CVV (security code) stored?

The CVV (security code) is securely stored within PCI Vault's PCI DSS Level 1 environment and is never stored in Safari Portal's database.

How are card numbers displayed?

Throughout Safari Portal, card numbers are displayed in a masked format, showing only the last four digits.

For agencies whose workflow requires manually entering the card into a host agency system or supplier portal, authorized users can reveal the full card number when needed.

Is card data encrypted?

Yes. Cardholder data is encrypted at rest within PCI Vault's secure infrastructure.


Because Safari Portal stores only a token rather than the card itself:

  • No card numbers exist within Safari Portal's database.
  • Safari Portal engineers cannot retrieve card numbers from the database.
  • Access to decrypted card information is strictly controlled through PCI Vault's secure infrastructure and only available to authorized users.

Is Safari Portal PCI compliant?

Safari Portal relies on PCI Vault's PCI DSS Level 1 certified environment for the capture, tokenization, and storage of cardholder data.

PCI Vault maintains the secure cardholder data environment and provides the applicable Attestation of Compliance (AOC) covering card storage and tokenization.



Is card data encrypted at rest, and who can access it?

Yes. All cardholder data is encrypted at rest within PCI Vault's PCI DSS Level 1 certified environment.

Safari Portal does not store full card numbers in its own database. Access to cardholder data is strictly limited to a small number of senior technical leaders within Safari Portal and is governed by strict internal security controls.



What PCI requirements apply to my agency?

The PCI obligations that apply to your agency depend on your own payment workflow.

Factors such as:

  • How payment information is collected
  • How card details are used
  • Where payment is ultimately processed
  • Your acquiring bank's requirements

all influence which PCI Self-Assessment Questionnaire (SAQ) or compliance requirements may apply.

Because every business operates differently, Safari Portal cannot determine which SAQ is appropriate for your organization.

However, we can provide the technical details your acquirer or compliance advisor may require, including:

  • Where card details are captured
  • Where card data is stored
  • Who is responsible for securing the cardholder data environment
  • What information is visible within Safari Portal
  • How authorized users retrieve card details when required

If your compliance provider has additional technical questions, our team is happy to assist.
Keywords: Credit Card Authorization, Credit Card Forms, Card on File, PCI Compliance, PCI DSS, PCI Vault, PCI Level 1, Tokenization, Credit Card Security, Payment Security, Card Data Protection, Encrypted Card Storage, CVV, Attestation of Compliance, AOC, PCI SAQ, Payment Processing, Secure Payment Collection, Travel Agency Payments, Safari Portal Payments

Search with AI
Responses are generated using AI and may contain mistakes.
How can we help?
Ask me anything about Safari Portal. I'll help you find answers in our Help Center.
Ask a question...Ctrl+I