How to start | PCI Booking

How to start

Card display iFrame

PCI Booking lets bookers (OTAs and TMCs) display payment card or virtual card data to hotels (Properties), using an online form, called an iFrame. This capability ensures that no payment card data ever reaches the bookers’ environment, keeping them out of PCI scope.


Implementing the iFrame is a straightforward process, described in more detail, below:

Opening a booker account

The PCI Booking team will open an account for the booker and will assign a Booker ID (e.g., “expedia_europe”), to be used in integration. To access the account, login.

The booker account includes a control panel, where the booker can perform actions like:

  • Branding and customization

  • Managing properties

  • Managing API integration (e.g., generating API keys)

Preparing branding elements

Preparing branding elements is typically a one-time process, where the PCI Booking team will work with you to configure email messages sent from the site to hotel properties, like activation, reset the password, etc.



Integrating “display payment” iFrame

There are three integration points required:

  • Handling property activation

  • Handling “Reset password”’ requests

  • Handling data display


For details, please see the “Integration Guide - Card Display iFrame” section.


anaging properties

Bookers can manage properties through their site or can fully automate management using an API.

Each property that bookers add to the site receives a branded, customized invitation email, which includes an activation link. Once the property has confirmed the invitation, they can begin using the iFrame.