Help CentrePartner ContactsTest Extranet LoginBecome a SiteMinder Partner

Credit Card Tokenization

Securely handle credit card data through certified third-party proxy providers for PCI compliance.

What is Credit Card Tokenization?

Credit Card Tokenization is a secure payment handling solution where credit card details in reservations are tokenized by a certified third-party proxy service provider before reaching your PMS. This approach allows PMS systems to receive and process payment information while maintaining PCI DSS compliance without handling raw credit card data directly.

The tokenization proxy sits between SiteMinder and your PMS, intercepting reservation data to replace sensitive card details with secure tokens that your PMS can safely store and process.

PCI Compliance Note: To comply with PCI regulations, reservations cannot include both the CardNumber and CVV/CVC code. Hotels can retrieve CVV/CVC codes directly from the booking channel's extranet.

How It Works

For Reservations PULL

  1. PMS Request: The PMS sends an OTA_ReadRQ request to the proxy service provider.

  2. Proxy Forwarding: The proxy forwards the OTA_ReadRQ to SiteMinder on behalf of the PMS.

  3. Tokenization & Delivery: The proxy retrieves undelivered reservations from SiteMinder, tokenizes credit card details, and sends the reservations to the PMS with tokenized payment data.

Tokenization Scope: For tokenization for selected properties include @HotelCode in the OTA_ReadRQ. For tokenization for all properties @HotelCode is not required.

For Reservations PUSH

  1. SiteMinder Push: SiteMinder sends reservation notifications (OTA_HotelResNotifRQ) to the proxy service provider endpoint.

  2. Tokenization: The proxy intercepts the reservation, tokenizes the credit card details in real-time.

  3. Forwarded Delivery: The proxy forwards the tokenized reservation to the PMS endpoint immediately.

Prerequisites

Partnership Agreements

Before implementing Credit Card Tokenization, the following agreements must be in place:

  • PMS Level: The PMS must sign an agreement with the chosen proxy service provider.

  • Property Level: Each hotel or hotel group must sign an agreement with SiteMinder authorizing the use of the third-party proxy service provider to transmit reservations to their PMS.

Certified Proxy Providers

SiteMinder currently supports the following certified tokenization providers:

  • PCI Proxy (PULL only)

  • Shift4 (PULL and PUSH)

  • FreedomPay (PUSH only)

To request certification of a new tokenization provider, reach out to our Ecosystems team via [email protected].

Implementation Process

Pilot Certification

  1. SiteMinder provides the PMS Partner with a test account and Direct Booking engine test URL.

  2. The PMS Partner conducts reservation tests with and without credit card details to verify tokenization is applied correctly.

  3. Upon successful certification, the pilot hotel/hotel group can begin live operations.

Onboarding Additional Properties

Each new hotel or hotel group requires a signed agreement with SiteMinder before activation (see Prerequisites above).

Last updated

Was this helpful?