# Credit Card Tokenization

## What is Credit Card Tokenization?

**Credit Card Tokenization** is a secure payment handling solution where credit card details in reservations are tokenized by a certified third-party proxy service provider before reaching your PMS. This approach allows PMS systems to receive and process payment information while maintaining PCI DSS compliance without handling raw credit card data directly.

The tokenization proxy sits between SiteMinder and your PMS, intercepting reservation data to replace sensitive card details with secure tokens that your PMS can safely store and process.

{% hint style="danger" %}
**PCI Compliance Note:** To comply with PCI regulations, reservations cannot include both the **CardNumber** and **CVV/CVC code**. Hotels can retrieve CVV/CVC codes directly from the booking channel's extranet.
{% endhint %}

## How It Works

### **For Reservations PULL**

1. **PMS Request**: The PMS sends an `OTA_ReadRQ` request to the proxy service provider.
2. **Proxy Forwarding**: The proxy forwards the `OTA_ReadRQ` to SiteMinder on behalf of the PMS.
3. **Tokenization & Delivery**: The proxy retrieves undelivered reservations from SiteMinder, tokenizes credit card details, and sends the reservations to the PMS with tokenized payment data.

{% hint style="warning" %}
**Tokenization Scope:** For tokenization for **selected properties** include `@HotelCode` in the `OTA_ReadRQ`. For tokenization for **all properties** `@HotelCode` is not required.
{% endhint %}

### **For Reservations PUSH**

1. **SiteMinder Push**: SiteMinder sends reservation notifications (`OTA_HotelResNotifRQ`) to the proxy service provider endpoint.
2. **Tokenization**: The proxy intercepts the reservation, tokenizes the credit card details in real-time.
3. **Forwarded Delivery**: The proxy forwards the tokenized reservation to the PMS endpoint immediately.

## Prerequisites

### **Partnership Agreements**

Before implementing Credit Card Tokenization, the following agreements must be in place:

* **PMS Level**: The PMS must sign an agreement with the chosen proxy service provider.
* **Property Level**: Each hotel or hotel group must sign an agreement with SiteMinder authorizing the use of the third-party proxy service provider to transmit reservations to their PMS.

### **Certified Proxy Providers**

SiteMinder currently supports the following certified tokenization providers:

* FreedomPay (PUSH only)
* Payrails (PULL only)
* PCI Proxy (PULL only)
* Shift4 (PULL and PUSH)

{% hint style="success" %}
To request certification of a new tokenization provider, reach out to our Ecosystems team via <ecosystem.team@siteminder.com>.
{% endhint %}

## Implementation Process

### **Pilot Certification**

1. SiteMinder provides the PMS Partner with a test account and Direct Booking engine test URL.
2. The PMS Partner conducts reservation tests with and without credit card details to verify tokenization is applied correctly.
3. Upon successful certification, the pilot hotel/hotel group can begin live operations.

### **Onboarding Additional Properties**

Each new hotel or hotel group requires a signed agreement with SiteMinder before activation (see Prerequisites above).

{% hint style="success" icon="sparkles" %}

## Still have questions?

Use the <i class="fa-gitbook-assistant">:gitbook-assistant:</i> **Ask** button at the top of the page to chat with our AI assistant — it can help you navigate the guide, understand requirements, and troubleshoot issues.

If you need more support, visit [Integration Support](/integration-support/integration-support.md).
{% endhint %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://developer.siteminder.com/pmsxchange-api/additional-resources/credit-card-tokenization.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.