Capture Card Security Code

If, while talking to the customer (whether on the phone, in a chat or an email), you need to collect the card security code for a card already stored in PCI Booking, you should use the Card Over The Phone Service.

How it works

Upon request, PCI Booking will send either an email or a text message (SMS) to the client. This message will contain a link to the card security code capture form.
Once the client has finished entering the card' security code, the original card will be duplicated to a new card stored in PCI Booking and a new token will be generated which will be sent to the customer who requested the form be sent.


Read more on managing your Card Over The Phone requests.


Upon completion of this operation, there will be two copies of the card details in PCI Booking. It is your responsibility to decide what to do with the original token that was stored in PCI Booking.
If this token is not deleted (read more on deleting tokens , it will be charged the monthly storage fee.

Tokenization Flow

Initial setup:

  1. Implement the Callback method to receive status updates on the card request.
  2. (optionally) Prepare in advance the CSS that should be used for this card capture.

Regular operations:
3. Initiate a call with a client and reach the stage in the conversation of requesting the card security code
4. Submit the Request to Send Card Security Code Capture Form to Recipient method
* In this request, you will provide details on how to send the message (email or text message) and the destination information. You will also provide details on the original token that the security code should be added to.
5. PCI Booking sends the message to the client.
6. Client clicks on the link to open the card capture form and fills out the card security code.
7. The existing token is duplicated and the security code is added to the new card. The new token is sent to the customer via the callback.