Channel managers | PCI Booking

Channel Managers

PCI Booking enables established Channel Managers, with and without integrated Booking Engines, to become 100% PCI compliant whilst giving hotels the flexibility to access and view credit card data within their own application.
PCI Booking capture credit card data ‘on-the-fly’ within API HTTP responses or when bookings are pushed to Channel Managers by OTAs.  PCI Booking store the credit card data on their servers, mask sensitive data and add a token to the response sent back to the Channel Manager system.
Whenever credit card data is required by the hotel, a request is made via the Channel Manager and a token is presented to PCI Booking.  Using access credentials issued and managed by our API based property management solution the token is exchanged for card data and is displayed in an iFrame Payment Display.
For integrated Channel Managers with Booking Engines our iFrame Payment Card Capture and Display enables the capture and tokenization of payment card data for direct bookings made to hotels. Channel Managers are able to secure reservation content throughout their connected distribution network by leveraging standardized formats, frameworks, and messages common to the hospitality industry.  The PCI booking solution requires minimal implementation time and is available for customer branding using their own logo and colour schemes.


On-the-fly Tokenization

Eliminates multiple Payment Gateway tokenization schemas that are incompatible with each other.

Pull tokenization request (Inbound on-the-fly HTTP Request)

Allows interception of incoming API requests, capturing card data, encrypting and storing on secure PCI Booking servers. A token is then sent to the ecommerce server with the card data masked.

Tokenization push (On-the-fly inbound HTTP Responses)

Allows interception of returned API responses and relaying them to the API requester. Captured card data is encrypted and stored on secure PCI Booking servers and a token is sent to the eCommerce server with the card data masked.

Token replacement

Token Replacement – On-the-fly

Allows the distribution channel to use the card data in the API requests to 3rd parties by providing a token.  Distribution channels can use the end customer card in the API requests to third parties such as payment gateways or suppliers (hotels, car rentals, airlines) without the need to be exposed to the card data itself.

Multiple card payments with single token

the solution allows the use of a single token (card) for sending multiple destinations saving up to 90% of card processing fees.  A captured (and tokenized) card can be used for real time payment to multiple parties such as any supplier associated with a booking.  i.e. airlines, car rental companies, car rental firms, payment gateways etc.  CVV details may be included in requests.  Captured cards may also include security code data.

Card storage

Secure Card Storage

Card data can be stored for an unlimited time on PCI Booking Servers. This will provide better service to returning customers by enabling quick check-in and check-out processes.

Secure Card Storage Controls

Addition and deletion of cards in storage is controlled by the customer. This enables a flexible card retention policy.

Secure Card Storage Query

Ability to query existing card data stored on PCI Booking Servers by custom references. Allows easy listing of cards related to a specific end-customer and enables the end-customer to select an already stored card without the need to maintain sensitive data on internal systems.

Control 3rd Party Access to Card Data

Allow third suppliers such as hotels to use the card data already captured by the distribution channel.  The same card can be used multiple times for different bookings with different suppliers.

Compliance with European Directive

Activation and Management of Hotels

API driven application

Key elements of the solution may be driven from Channel Manager’s own application thus avoiding duplication of data entry and commands.

Two-Way Communication

Provides communication between bookers and hotels with both reservation and payment data.

Control of Hotel Activations

Bookers can define how hotels are activated on to the portal.  Options include – Batch activation via CVS; Manual activation of individual hotel; Fully automated activation via API and Single click sign-up from email activation message.

Automated Activation Communications

Upon activation, each hotel receives an email message to join and use the Branded Portal.  Message can include customized content from the bookers  such as instructions.

Easy Support Tools

Allows bookers to view the Branded Portal as a hotel to provide support.  The bookers can query and modify hotel account preferences.

Custom Messaging

Customized email messages to communicate with the hotels.

Browser-based Access

Easy access to the reservation queue providing significant support of mobile devices.

Secure Access to Credit Card Details

Hotels using the service may access card data at any time through Channel Manager application / portal for processing pre-authorization or for charging cancellation or no-show fees.

iFrame Payment Display (Token Replacement)

Secure iFrame: iFrame Payment Display

Allows replacement of token with actual card in outbound HTTP requests/ On the Fly Token replacement allows you to access card data in your API requests to third parties by providing a token.

The third party can access the card from the secure iFrame. 

Single Token - Multiple payments

The solution allows the use of a single token (card) for sending requests to multiple destinators. A captures (and tokenized card) can be used for real time payments to multiple payees, such as any supplier associated with a booking. i.e. airline, car rental companies, payment gateways etc.