CRS, PMS and IBE | PCI Booking

The hospitality industry is a prime target for payment card data breaches especially on those systems where reservation information is processed and stored.  Using secure and reliable solutions will not only simplify PCI compliance, but will also protect customers’ credit card data and protect the company brand.  PCI Booking ensure end-to-end protection of ecommerce data between CRSs & PMSs and the consumers transacting business with them.
We facilitate the exchange of information containing reservation and payment data in a secure, standardized and stable environment.  CRSs and PMSs are able to secure payments throughout their connected distribution network by leveraging standardized formats, frameworks and messages common to the hospitality industry.


On-the-fly Tokenization

Eliminates multiple Payment Gateway tokenization schemas that are incompatible with each other.

Pull tokenization request (Inbound on-the-fly HTTP Request)

Allows interception of incoming API requests, capturing card data, encrypting and storing on secure PCI Booking servers. A token is then sent to the ecommerce server with the card data masked.

Tokenization push (On-the-fly inbound HTTP Responses)

Allows interception of returned API responses and relaying them to the API requester. Captured card data is encrypted and stored on secure PCI Booking servers and a token is sent to the eCommerce server with the card data masked.

iFrame Payment Capture

Secure iFrame Payment Capture

Customized forms that are displayed on the lodging’s brand website and provide for the card data entered to be tokenized and stored on secure PCI Booking Servers and the token is passed on to the customer server. This provides the means to collect payment information on a hosted system without exposing the underlying Application Systems to PCI Scope.

Token Replacement

Token Replacement – On-the-fly

Allows the distribution channel to use the card data in the API requests to 3rd parties by providing a token.  Distribution channels can use the end customer card in the API requests to third parties such as payment gateways or suppliers (hotels, car rentals, airlines) without the need to be exposed to the card data itself.

Multiple card payments with single token

the solution allows the use of a single token (card) for sending multiple destinations saving up to 90% in card processing fees.  A captured (and tokenized) card can be used for real time payment to multiple parties such as any supplier associated with a booking.  i.e. airlines, car rental companies, car rental firms, payment gateways etc.  CVV details may be included in requests.  Captured cards may also include security code data.

Card Storage

Secure Card Storage

Card data can be stored for an unlimited time on PCI Booking Servers. This will provide better service to returning customers by enabling quick check-in and check-out processes.

Secure Card Storage Controls

Addition and deletion of cards in storage is controlled by the customer. This enables a flexible card retention policy.

Secure Card Storage Query

Ability to query existing card data stored on PCI Booking Servers by custom references. Allows easy listing of cards related to a specific end-customer and enables the end-customer to select an already stored card without the need to maintain sensitive data on internal systems.

Control 3rd Party Access to Card Data

Allow third suppliers such as hotels to use the card data already captured by the distribution channel.  The same card can be used multiple times for different bookings with different suppliers.

Compliance with EU Directive

PCI DSS Reservation Data Exchange

Complete Message Sets

Messages that cover the entire reservation process – booking, cancellation, modification, confirmation, decline , virtual card update and eFolio information.

Automated Card Data Processing

Fully automated confirmation and eFolio processing and related payment details of the reservation including payment cards and virtual cards.  Enables a PCI compliant format of handing over card data to suppliers.

Variety of Destination Options for Confirmation & eFolio

The destination can be a fax number or PCI messaging service.  The same messaging API can be used for reservation related messages.  These can be delivered through a variety of methods.  Allows for seamless migration path from fax-based delivery to XML.

XML Messaging

Adherence to Industry Standard XML Schema

Allows acceptance of only valid messages guaranteeing data integrity for received reservation information.

Optional Timeout Settings

Enable automatic ignore/cancel of any message delivered if not accepted within a defined time as set by the sender – i.e. distribution channel. The distribution channel can then provide the customer with an online reservation confirmation number after processing by a hotel.

Message Status Reporting

Allows an inquiry by the sender for all pending reservations related messages to report on the delivery status – delivered, read, expired.

Optional Call Back to Sender

Upon message processing completion, a call back is made to a customer defined URL in a flexible format. This provides for a faster response time while utilizing less computing resources by applying an event driven programming style.