Prerequisites
Before starting a migration, ensure you have:- A valid PCI Booking API key (sandbox for testing, production for the actual migration)
- PCI DSS compliance certification for the system sending card data
- A clear inventory of the cards to migrate, including which fields are available (card number, expiry, CVV, cardholder name)
How It Works
Send card details directly to the Store Paycard API. PCI Booking stores the card securely and returns a token in theLocation response header.
Location header. See the API reference for the full list of fields and query parameters.
Validation Options
PCI Booking can validate the card data during storage:- Luhn check verifies the card number is structurally valid
- BIN lookup identifies the card brand, issuing bank, and card type (credit, debit, prepaid)
- Expiry validation rejects cards that have already expired
Migration Best Practices
- Test in sandbox first. Run your full migration script against the sandbox environment with test card numbers to validate the integration and error handling.
- Migrate in batches. If migrating a large volume of cards, break them into manageable batches and track progress. This makes it easier to resume if something goes wrong.
- Map old references to new tokens. Maintain a mapping table between your existing card references and the new PCI Booking tokens so you can update all dependent systems.
- Delete source data. Once migration is complete and validated, permanently delete all raw card records from your source systems to eliminate PCI DSS scope.
- Vault-to-vault transfers. If migrating from a third-party vault, check whether a direct vault-to-vault transfer is possible. Contact support@pcibooking.net for guidance.
Next Steps
Token Management
Manage your migrated tokens.
Capture Cards Overview
All available tokenization methods.

