Credit Card Tokenization
Last updated
Was this helpful?
Last updated
Was this helpful?
For a Property Management System (PMS) integrating with a reservation Pull model via a tokenization proxy,
The PMS initiates the process by sending an OTA_ReadRQ request to the proxy service provider.
The proxy then forwards this OTA_ReadRQ to SiteMinder on behalf of the PMS.
The proxy service provider retrieves any undelivered reservations from SiteMinder, tokenizes the credit card details (if necessary), and then sends the reservations to the PMS with tokenized payment data included.
For tokenization for selected properties, the PMS has to send @HotelCode in the OTA_ReadRQ. For tokenization for all properties, the PMS is not required to use @HotelCode.
To comply with PCI regulations, we cannot include both the CardNumber and the CVV/CVC code in the same reservation XML. Hotels can retrieve the CVV/CVC code directly from the booking source's (channel/OTA) extranet.
The PMS must sign an agreement with the proxy service provider.
The Pilot hotel/hotel group must also sign an agreement with SiteMinder authorizing the use of a 3rd party proxy service provider to send reservations to the connected PMS.
We will provide the PMS Partner with a test account for The Channel Manager and a test URL for the Direct Booking engine to create test reservations.
The PMS partner will then conduct reservation tests, both with and without credit card details, to verify that reservations are received in their system with the appropriate tokenization applied.
Each new hotel or hotel group must also sign an agreement with SiteMinder, authorizing the use of a third-party proxy service provider to transmit reservations to their connected PMS.
At this time, we will only provide support for the certified proxy providers listed below:
PCI Proxy
Shift4 (4res)
FreedomPay (Push PMS only)
To have a new Tokenization provider certified, please contact our Ecosystem Team.
