PRIVACY & POLICY

Fraud Mitigation Procedures We have established the following steps to minimize our risk to credit card fraud;

E-commerce and mail order (MO) and telephone order (TO) businesses are more vulnerable to fraudulent attacks than physical retailers. The information below will help to determine exactly where your organization’s soft spots are and what you need to reduce fraud risk. When accepting credit cards for payment, we request the following from our hotel guests to provide the following information and ensure it is valid:

1. Check & verity the cardholder name, exactly the way the name appears on the identity card.

2. Check & verify the card account number — 16 digits.

3. Check & verify card expiration date — four digits (MM / YY).

• Check & verify card security code — three-digit number located in the signature panel on the back of Visa, MasterCard and Discover cards or a four-digit number located above the account number on the front of American Express cards. Tracking on the CVV2/CVC2 response message, either issuer validates the CVV2/CVC2 value or matches the value.

4. Confirm the security codes ensure that the card is in the possession of the cardholder at the time of purchase.

• Request the guest for both card type and an account number, and make sure that they match – for example if the card type is “VISA” and the account number begins with “4”, then the match is positive.

• Use a ‘Mod 10” check to determine whether an entered card number is valid. Do not request authorization until the account number passes the Mod 10 check. Several attempts (incorrect card number) should create suspicion to the merchants.

• Display only the last four digits when showing a card number to a repeat customer at your website.

• To validate the card expiry date.

5. Get the details about the home, business or other telephone number where the cardholder can be reached.

6. For each transaction to request and validate the card security code. Submit the validation request with the electronic authorization request.

7. Verify the guest’s billing address with the Address Verification System (AVS), either electronically or by phone.

8. Limit internal access to payment card data. To minimize the risk of internal theft of cardholder account numbers.

9. Conduct annual review of systems control.

10. Prior discarding the customer information, the merchant to ensure that the information is destroys in unreadable manner.

PERSONAL DATA PROTECTION ACT 2010 (“PDPA”)

Pursuant to the Personal Data Protection Act 2010 (“PDPA”), The Light Hotel (M) Sdn Bhd (“The Light Hotel, Seberang Jaya, Penang”) is mindful and committed to the protection of your personal information and your privacy.