> ## Documentation Index
> Fetch the complete documentation index at: https://developers.pcibooking.net/llms.txt
> Use this file to discover all available pages before exploring further.

# Card Display with OTP

> Send a one-time password link to view stored card details. Secure card display for hotel staff and partners.

Card Display with OTP is a PCI Booking-hosted page that displays stored card details after verifying the viewer's identity with two one-time passwords - one sent to their email and one sent to their phone number.

Use this when you don't have your own portal for managing user access to card details, or when you don't want to deal with the security and PCI compliance implications of building user management for card viewing into your systems. PCI Booking handles the entire authentication and display flow.

Unlike [Card Display](/use-tokens/card-display) (which uses an iframe embedded in your portal), Card Display with OTP is a standalone hosted page. The viewer accesses it directly on PCI Booking's domain.

## How It Works

1. **Initiate a view request**. Your system calls the [initView endpoint](/api-reference/process-cards/card-display-otp) with the card token, the viewer's phone number, email, and name.
2. **Email verification**. PCI Booking sends an email to the viewer containing a link. The first OTP is embedded in the link, so the viewer verifies email access simply by clicking it.
3. **Phone verification**. After clicking the link, the viewer is prompted to verify their phone number. They choose to receive a code via SMS or voice call, then enter it on screen.
4. **Card revealed**. After both verifications succeed, the card details are displayed on PCI Booking's hosted page.

## Security

* Each OTP is a single-use 6-digit code, hashed and salted before storage. PCI Booking does not retain the plain-text code.
* OTPs expire after a limited time window.
* Two-factor verification (email link + phone code) ensures the viewer controls both channels.

<Info>
  Use Card Display with OTP when you want PCI Booking to handle the entire card viewing flow, including identity verification. Use [Card Display](/use-tokens/card-display) when you already have a portal with your own user management and access control.
</Info>

## Next Steps

<CardGroup cols={2}>
  <Card title="Card Display" icon="book" href="/use-tokens/card-display">
    Iframe-based card display for use within your own portal.
  </Card>

  <Card title="Use Tokens Overview" icon="book" href="/use-tokens/overview">
    All detokenization methods.
  </Card>
</CardGroup>
