Update Token via Card Security Code Capture Form

PCI Booking users (e-commerce sites) who require their customers to provide updated card security codes should use this service.

If a card has already been tokenized and stored in PCI Booking's database, PCI Shield can capture card security code data using a card security code capture form.

After capturing the security code data, PCI Shield will create a new card token, using existing card information, and send it to the e-commerce site for future use; e.g., relayed to a payment gateway or relayed to a hotel or any other service provider.


It is your responsibility to clear the original token that was stored in PCI Booking.
If this token is not cleared, it will be charged the monthly storage fee.

Preparing Card Security Code Capture Form

The e-commerce site has significant control over the capture form's look and feel, via a custom stylesheet (.css) file.
As a baseline, you can use our default CSS to design your own.

Please note: the stylesheet will be stored in PCI Booking's database, and will be used in the iFrame with the stylesheet name. Read more on managing stylesheets.

Once the capture form has been submitted, the card owner will redirected to a success or failure page - based on the result of the submission. Please follow our instructions on setting up the success / failure redirection pages.

Updating Card Security Code via Capture Form - Flow

  1. (optionally) Prepare in advance the CSS that should be used for this card capture.
  2. Prepare in advance the success / failure redirection pages that the iframe will redirect to once tokenization is completed.
  3. Authenticate PCI Booking via an "access token" or a "session token". Read more about our authentication methods.
  4. Retrieve from your database the card token that should be updated.
  5. Request a card security code entry form, with your site's look and feel, using the Request a Card Security Code Entry Form method.
    • The response to this request would be the HTML code of the Capture form.
  6. The Capture Form can include a "Submit" button within the iFrame, or you can use the site's "Submit" button, by implementing the PostMessage mechanism.
  7. When the users submit the Capture form, PCI Booking will retrieve the saved card and create a new card token. The new card token to the e-commerce site.
  8. Optionally, Delete the original card token.
  9. Optionally, set the CVV Retention Policy for this token.


Below is an example of how the basic Card Security Code Capture form will look like when integrated into a web site.


Example only!

The following is an example only of how the card capture form would like look when used in an iframe. It is not a functioning example.
If you attempt to submit this form, you will receive an error.


This form is a very basic example of how the form would look like. You can customize the look and feel of the form to match your own web site.
Please do not submit this form as it is not live.