Skip to main content
Once a card is tokenized, you use the token to send card data wherever it needs to go. PCI Booking retrieves the real card data from the vault, substitutes it at the point of delivery, and your systems never handle sensitive card details.

Assessing Risk

Before using a token, you can analyze the card for fraud risk indicators to decide whether you are willing to proceed with the transaction.

Processing Payments

Use the Universal Payment Gateway to charge, authorize, or refund through a payment service provider (PSP).

Inserting Card Data into Messages via HTTP

Send card data to third parties by routing HTTP traffic through PCI Booking. Tokens are replaced with real card data in transit.

Inserting Card Data into Messages via File

Send card data to third parties by routing file transfers through PCI Booking.

Displaying Card Data

Use these methods when authorized staff need to view card details.

Retrieving Raw Card Data via API

The Token Replacement (API) endpoint returns the full, unmasked card number directly in the API response. Unlike all other methods above, this means your system receives raw card data, putting it in scope of PCI DSS compliance.
This method is intended for sandbox testing only. If you need to view card details in production, use Card Display instead. See the Token Replacement (API) page for details and PCI compliance implications.