Skip to main content

What Are Virtual Cards?

Virtual cards are temporary card numbers issued programmatically for a specific transaction or purpose. They have a set spending limit, an authorization window, and can be restricted to a single use. Once the transaction is complete or the card expires, it cannot be used again.

Why Use Them?

Virtual cards are common in the travel industry for paying hotels, airlines, and other suppliers without exposing the company’s actual payment credentials.

How It Works with PCI Booking

PCI Booking integrates with virtual card providers (VCPs) and handles the full flow:
  1. You call Issue Virtual Card with the provider credentials, amount, currency, and authorization date range.
  2. PCI Booking requests a virtual card from the provider.
  3. The provider issues the card.
  4. PCI Booking automatically tokenizes the issued card and returns a PCI Booking token URI in the Location header.
The issued card number and CVV are masked in the API response. You only receive the PCI Booking token, which you can then use like any other token: relay it to a supplier, display it, or process a payment.

Supported Providers

Use the List Virtual Card Providers endpoint to see all currently supported providers and their required credentials. This endpoint is public and requires no authentication. Each provider has its own credential structure. Use Retrieve VCP Credential Structure to get the exact fields needed for a specific provider before storing credentials.

Setting Up Credentials

You have two options for providing VCP credentials: Option 1: Pass credentials per request. Include ProviderName and Credentials in each Issue Virtual Card request body. Option 2: Store credentials in PCI Booking. Use Store Credentials to save your VCP credentials once, then pass the credentialsId query parameter on each issuance request. This is more secure and avoids sending credentials repeatedly.

Issuance Parameters

When issuing a virtual card, you control:

Using the Issued Card

Once issued, the virtual card is a standard PCI Booking token. You can:

Typical Workflow

A travel platform issuing a virtual card to pay a hotel:
  1. Issue a virtual card with the booking amount and check-in/check-out dates as the authorization window.
  2. Relay the token to the hotel’s payment system using token replacement.
  3. The hotel charges the virtual card.
  4. Reconcile using the UniqueReference you set (e.g., your booking ID).
  5. Delete the token after the transaction is settled.