Tokenization via Hosted Card Capture Form

PCI Booking users (e-commerce sites) who request card data to be provided from end-customers (for example, a customer making a travel reservation) on the e-commerce's web site should use this service.

PCI Shield offers a card capture form which can be integrated either as a stand-alone page or, more commonly, as an iFrame in the e-commerce web site.
This form captures card data, tokenizes and then sends the token to the e-commerce site for future use; e.g., relays to a payment gateway or relays to a hotel or any other service provider.

Preparing the Card Capture Form

The e-commerce site has significant control over the capture form's look and feel, via a custom stylesheet (.css) file.
As a baseline, you can use our default CSS to design your own.

Please note: the stylesheet will be stored in PCI Booking's database, and will be used in the iFrame with the stylesheet name. Read more on managing stylesheets.

Once the capture form has been submitted, the card owner will redirected to a success or failure page - based on the result of the submission. Please follow our instructions on setting up the success / failure redirection pages.

Tokenization via Card Capture - Flow

  1. (optionally) Prepare in advance the CSS that should be used for this card capture.
  2. Prepare in advance the success / failure redirection pages that the iframe will redirect to once tokenization is completed.
  3. Authenticate PCI Booking via an "access token" or a "session token". Read more about our authentication methods.
  4. Request a card entry form, with your site's look and feel, using the Request a Card Entry Form method.
    • The response to this request would be the HTML code of the Card Capture form.
    • You may also want to consider using our Card Capture Form with CDN.
  5. The Card Capture Form can include a "Submit" button within the iFrame, or you can use the parent site's "Submit" button, by implementing the PostMessage mechanism.
  6. The Card Capture process can incorporate capturing the 3D Secure authentication immediately after capturing the card. In order to enable 3DS, add the ThreeDS parameter as True.
    Read more on 3D secure authentication.
  7. When the users submit the Card Capture form, PCI Booking will tokenize the card and relay the card token to the e-commerce site.
  8. Optionally, set the CVV Retention Policy for this token.


Below is an example of how the basic Card Capture form will look like when integrated into a web site.


Example only!

The following is an example only of how the card capture form would like look when used in an iframe. It is not a functioning example.
If you attempt to submit this form, you will receive an error.


This form is a very basic example of how the form would look like. You can customize the look and feel of the form to match your own web site.
Please do not submit this form as it is not live.