PCI Booking provides a simple, Restful, API to perform all actions regarding a credit card.

PCI Booking is made up of several application areas. This developers site contains a guide and a reference manual for each application area.

  • The guides allow software architects and designers to have a broad view on the system operation and easily pick up those components which can fit the best different application scenarios.
  • The reference manuals allow developers to have a clear understanding of which methods are available, what input parameters are required for each method and the expected results of each.

Card Risk Assessment

PCI Booking users (e-commerce sites; e.g., OTAs) who require additional verification and security before processing credit cards should use the Risk Assessment service.

How It Works

Once a card has been tokenized, a customer can send the token to the PCI Booking Risk Assessment service - along with additional data relating to the person who entered the card details - and receive, as the response, a score and an assessment on risk by processing a reservation with these card details.

Typical Use Cases

An OTA that has a web site where end customers can submit reservation requests - and provide their card details with the reservation. Before processing the card, the OTA can check the risk of using this card and inform the end customer with their decision based on the risk assessment.

Risk Assessment Categories

PCI Booking assesses the risk of using a card based on the following criteria:

  • Anonymous IP address: States if the IP comes from an anonymous proxy server.
  • IP address location: Country where the traveler entered the card data.
  • Card issuer and country: According to the credit card BIN number (first 6 digits of the card number).
  • Billing address: The traveler’s billing address.

Risk Assessment Flow

  • The process starts after you have already tokenized a card. Find out more in our Inbound Methods documentation.
  • Capture additional details from the person providing the card details:
    • IP Address
    • Billing Address (including country)
  • Submit the Risk Assessment method with the token and all of the additional parameters you wish to run the assessment with.
  • Process the response from PCI Booking and act upon the assessment of risk


Read more in our reference documentation on the Risk Assessment method.

Updated 2 years ago

Card Risk Assessment

Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.