Credit Card Tokenization

What is Tokenization?

Tokenization replaces sensitive credit card information with a unique identifier, or "token," to protect guest payment details. This approach enhances security by ensuring that no payment data is stored in the Property Management System (PMS).

PMS platforms can leverage a third-party proxy service to receive tokenized reservation data instead of receiving reservations directly from SiteMinder, as is typical in the traditional SiteMinder reservation delivery model.

How it Works?

For a Property Management System (PMS) integrating with a reservation Pull model via a tokenization proxy,

The PMS initiates the process by sending an OTA_ReadRQ request to the proxy service provider.
The proxy then forwards this OTA_ReadRQ to SiteMinder on behalf of the PMS.
The proxy service provider retrieves any undelivered reservations from SiteMinder, tokenizes the credit card details (if necessary), and then sends the reservations to the PMS with tokenized payment data included.

For tokenization for selected properties, the PMS has to send @HotelCode in the OTA_ReadRQ. For tokenization for all properties, the PMS is not required to use @HotelCode.

To comply with PCI regulations, we cannot include both the CardNumber and the CVV/CVC code in the same reservation XML. Hotels can retrieve the CVV/CVC code directly from the booking source's (channel/OTA) extranet.

Prior to the Integration

The PMS must sign an agreement with the proxy service provider.
The Pilot hotel/hotel group must also sign an agreement with SiteMinder authorizing the use of a 3rd party proxy service provider to send reservations to the connected PMS.

Certification Process

We will provide the PMS Partner a test account for The Channel Manager and a test URL for the Direct Booking engine to create test reservations.
The PMS partner will then conduct reservation tests, both with and without credit card details, to verify that reservations are received in their system with the appropriate tokenization applied.

Adding more properties after Pilot

Each new hotel or hotel group must also sign an agreement with SiteMinder, authorizing the use of a third-party proxy service provider to transmit reservations to their connected PMS.

Certified Proxy Providers

At this time, we will only provide support for the certified proxy providers listed below:

PCI Proxy
Shift4 (4res)
FreedomPay (Push PMS only)

To have a new Tokenization provider certified, please contact our Ecosystem Team.

PreviousPMS Minimum Content XML Sample NextReservations Upload

Last updated 16 days ago