PCI Shield is the core component of the PCI Booking suite of APIs. It enables Bookers1 to outsource PCI DSS compliance, letting them send and receive customer's payment data securely. Data is tokenized, ensuring it never touches the Bookers'1 environment.
There are two typical scenarios for capturing card data ("inbound"):
- The eCommerce2 site (portal) captures card details from customers, interactively.
- The eCommerce2 site receives card details via an API, either in "push" mode or in "pull" mode.
Regardless of how the card token was created (based on the methods above), PCI Shield can be used when passing/transmitting to third parties:
- The eCommerce2 site (portal) displays card details to customers, interactively.
- The eCommerce2 system sends card details via an API (along with other data) to a third party.
PCI Booking customers can query and manage card data stored in PCI Booking, using an API. Thus, the eCommerce2 site can offer customers an e-Wallet service, where they do not have to re-type card details for every payment.