5 Properly Train and Monitor Administrators

It is the responsibility of the owner of the client system (which accesses the Oracle Hospitality Integration Platform APIs) to institute proper personnel management techniques for allowing admin user access to cardholder data, site data, and so on. The client system owner can control whether each individual admin user can, for example, see full credit card PAN, or only the last 4 digits of the PAN.

In most systems, a security breach is often the result of unethical personnel. So pay special attention to whom you trust with admin access and who you allow to view full decrypted and unmasked payment information.

When administering the Oracle Hospitality Integration Platform Oracle Cloud Operations always use multi-factor authentication (MFA) using physical tokens to access production instances of Oracle Hospitality Integration Platform.

To enable Multi Factor Authentication (MFA) for IDCS accounts, refer to https://docs.oracle.com

After you purchase IDCS Standard edition, refer to Understand the User Per Month Pricing Model