For Online Travel Agencies
PCI Booking helps Online Travel Agencies (OTAs) handle payment card data without the burden of PCI DSS certification. Whether you need to capture cards from travelers, relay card details to hotels, or charge cards through your payment gateway, PCI Booking acts as a secure middleman so sensitive data never touches your servers. With PCI Booking, your OTA can tokenize cards at the point of booking, store them securely, and use tokens to process payments or forward card data to accommodation providers. This keeps you fully compliant with PCI DSS and PSD2/SCA requirements while maintaining a seamless booking experience for your customers.Where to Start
How PCI Booking Works
Understand the tokenization flow and how PCI Booking fits into your booking pipeline.
Quickstart Guide
Get up and running with your first integration in minutes.
Capture Cards from Travelers
Embed a secure card entry form in your checkout flow to tokenize card data.
Card By Link
Send a secure link via email or SMS so travelers can enter card details for phone bookings.
Relay Tokens to Hotels
Forward tokenized card data to hotels and suppliers using token replacement.
Charge via Payment Gateway
Process charges through 100+ supported payment gateways using stored tokens.
PSD2/SCA Compliance
Implement Strong Customer Authentication to meet PSD2 requirements.
Common Use Cases
Browse step-by-step workflows for OTA scenarios like capture-and-relay and capture-and-charge.
Typical OTA Workflows
- Capture and relay to hotel: Tokenize the traveler’s card at booking, then use token replacement to send the card data to the hotel’s system. See Capture and Relay to Hotel.
- Capture and charge: Tokenize the card and process a charge through your payment gateway in a single flow. See Capture and Charge.
- Phone bookings: Use Card By Link to send a secure card capture form to travelers who book by phone. See Card By Link.

