Skip to main content
This workflow is for when you need to capture the card directly from the cardholder (for example, at booking time on your website or through an email link) and then share it with a hotel. Your servers never handle raw card data, keeping you out of PCI scope. If you already have a token and just need to share it with a hotel, see Send Stored Card Details to a Hotel Property instead.

Card capture and delivery options

You can mix and match. The example below uses Card By Link to capture and Card Display with OTP to share the card with the hotel.

Step 1: Collect the Card

Using Card By Link as an example:
  1. Send a Card By Link request to PCI Booking with the cardholder’s email or phone number. Include optional details like amount, reference number, and header/footer text for the landing page.
  2. PCI Booking sends a secure link to the cardholder.
  3. The cardholder enters their card details on the hosted page.
  4. If configured, a 3D Secure prompt is displayed.
  5. PCI Booking tokenizes the card and sends a callback with the token.

Step 2: Share the Card with the Hotel

Using Card Display with OTP as an example:
  1. Call the Card Display OTP endpoint with the card token, the hotel contact’s email, phone number, and name. Set a time-to-live for how long the link should remain valid.
  2. PCI Booking sends the hotel contact an email containing a secure link.
  3. The hotel contact clicks the link and verifies their identity by entering a code sent to their phone via SMS.
  4. After verification, the card details are displayed on PCI Booking’s hosted page. The session stays active for 15 minutes.
  5. Delete the token when no longer needed.
No portal setup or user accounts are needed on the hotel’s side. PCI Booking handles the entire identity verification and card display flow.