Card Risk Assessment

PCI Booking users (e-commerce sites; e.g., OTAs) who require additional verification and security before processing credit cards should use the Risk Assessment service.

How It Works

Once a card has been tokenized, a customer can send the token to the PCI Booking Risk Assessment service - along with additional data relating to the person who entered the card details - and receive, as the response, a score and an assessment on risk by processing a reservation with these card details.

Typical Use Cases

An OTA that has a web site where end customers can submit reservation requests - and provide their card details with the reservation. Before processing the card, the OTA can check the risk of using this card and inform the end customer with their decision based on the risk assessment.

Risk Assessment Categories

PCI Booking assesses the risk of using a card based on the following criteria:

  • Anonymous IP address: States if the IP comes from an anonymous proxy server.
  • IP address location: Country where the traveler entered the card data.
  • Card issuer and country: According to the credit card BIN number (first 6 digits of the card number).
  • Billing address: The traveler’s billing address.

Risk Assessment Flow

  • The process starts after you have already tokenized a card. Find out more in our Inbound Methods documentation.
  • Capture additional details from the person providing the card details:
    • IP Address
    • Billing Address (including country)
  • Submit the Risk Assessment method with the token and all of the additional parameters you wish to run the assessment with.
  • Process the response from PCI Booking and act upon the assessment of risk


Read more in our reference documentation on the Risk Assessment method.