> ## Documentation Index
> Fetch the complete documentation index at: https://developers.pcibooking.net/llms.txt
> Use this file to discover all available pages before exploring further.

# Update an Expired Card Token

> When a stored card expires and the guest gets a replacement, update the token's expiration date and CVV without re-collecting the full card number. Keeps recurring charges running.

When a stored card expires and the cardholder receives a new card with the same number but a new expiration date (and new CVV), you need to update the token. This avoids the friction of asking the guest to re-enter their full card details and prevents failed charges on recurring bookings.

This is common for hotels and travel platforms that store guest cards for future bookings, no-show charges, or recurring invoicing. When the card issuer sends a replacement with a new expiration date, you can update the token without asking the guest to go through the full card entry process again.

## Choosing the Right Approach

The best method depends on whether you need only the new expiration date or also the new CVV.

<Tabs>
  <Tab title="Expiration Only">
    Use the API to update the expiration date directly. This is the simplest approach and does not require any interaction with the cardholder.

    **Best for:** Situations where CVV is not required for charges (e.g., merchant-initiated transactions, recurring billing without CVV).
  </Tab>

  <Tab title="Expiration + CVV">
    Update the expiration via API, then send a CVV capture link to the cardholder to collect the new security code. This requires the cardholder to take action.

    **Best for:** Situations where the PSP requires CVV for each charge, or when your business rules mandate CVV presence.
  </Tab>

  <Tab title="Full Re-capture">
    If the cardholder received an entirely new card number (not just a renewed expiry), you need to capture the full card details again using [Card By Link](/capture-cards/card-by-link) or the [Hosted Card Entry Form](/capture-cards/hosted-card-entry-form). This creates a new token entirely.

    **Best for:** Lost or stolen card replacements where the card number itself has changed.
  </Tab>
</Tabs>

## Simple Case: Update Expiration Only

If you only store card number and expiration (no CVV), use the [Update Expiration](/api-reference/manage-tokens/update-expiration) API to submit the new month and year. The existing token is updated in place. No cardholder interaction is required.

## Full Case: Update Expiration and CVV

If you also need the new CVV, follow this workflow:

1. **Update the expiration date.** Call [Update Expiration](/api-reference/manage-tokens/update-expiration) with the new month and year.
2. **Send a CVV capture link.** Use [CVV Capture](/capture-cards/cvv-capture) (via Card By Link) to send the cardholder a link to enter their new CVV.
3. **Cardholder enters CVV.** The cardholder receives the link and enters the new security code.
4. **PCI Booking creates a new token.** A full copy of the original card details is created with the captured CVV attached. You receive the new token in a [callback](/api-reference/tokenize-cards/cotp-callback).
5. **Set CVV retention policy.** If needed, configure a [CVV Retention Policy](/capture-cards/cvv-retention-policy) for the new token.
6. **Delete the old token.** Call [Delete Token](/api-reference/manage-tokens/delete-token) to remove the old entry.
7. **Update your database.** Replace the old token with the new one in your system.

At the end of this process, you have one token with the updated card details.

<Info>
  If you use network tokenization, card networks (Visa, Mastercard) can automatically update card details when a replacement card is issued. This eliminates the need for manual updates in many cases. Contact [support@pcibooking.net](mailto:support@pcibooking.net) to learn more about network token lifecycle management.
</Info>

## Related

* [Update Expiration](/api-reference/manage-tokens/update-expiration). API reference for updating expiration date.
* [CVV Capture](/capture-cards/cvv-capture). Send a CVV-only capture link to the cardholder.
* [CVV Retention Policy](/capture-cards/cvv-retention-policy). Control how long CVV data is stored.
* [Charge and Save for Future Payments](/use-cases/capture-charge-and-store). See the full card lifecycle from initial capture to stored token.
