Credit Card Tokenization
Securely handle credit card data through certified third-party proxy providers for PCI compliance.
What is Credit Card Tokenization?
Credit Card Tokenization is a secure payment handling solution where credit card details in reservations are tokenized by a certified third-party proxy service provider before reaching your PMS. This approach allows PMS systems to receive and process payment information while maintaining PCI DSS compliance without handling raw credit card data directly.
The tokenization proxy sits between SiteMinder and your PMS, intercepting reservation data to replace sensitive card details with secure tokens that your PMS can safely store and process.
PCI Compliance Note: To comply with PCI regulations, reservations cannot include both the CardNumber and CVV/CVC code. Hotels can retrieve CVV/CVC codes directly from the booking channel's extranet.
How It Works
For Reservations PULL
PMS Request: The PMS sends an
OTA_ReadRQ
request to the proxy service provider.Proxy Forwarding: The proxy forwards the
OTA_ReadRQ
to SiteMinder on behalf of the PMS.Tokenization & Delivery: The proxy retrieves undelivered reservations from SiteMinder, tokenizes credit card details, and sends the reservations to the PMS with tokenized payment data.
Tokenization Scope: For tokenization for selected properties include @HotelCode
in the OTA_ReadRQ
. For tokenization for all properties @HotelCode
is not required.
For Reservations PUSH
SiteMinder Push: SiteMinder sends reservation notifications (
OTA_HotelResNotifRQ
) to the proxy service provider endpoint.Tokenization: The proxy intercepts the reservation, tokenizes the credit card details in real-time.
Forwarded Delivery: The proxy forwards the tokenized reservation to the PMS endpoint immediately.
Prerequisites
Partnership Agreements
Before implementing Credit Card Tokenization, the following agreements must be in place:
PMS Level: The PMS must sign an agreement with the chosen proxy service provider.
Property Level: Each hotel or hotel group must sign an agreement with SiteMinder authorizing the use of the third-party proxy service provider to transmit reservations to their PMS.
Certified Proxy Providers
SiteMinder currently supports the following certified tokenization providers:
PCI Proxy (PULL only)
Shift4 (PULL and PUSH)
FreedomPay (PUSH only)
To request certification of a new tokenization provider, reach out to our Ecosystems team via [email protected].
Implementation Process
Pilot Certification
SiteMinder provides the PMS Partner with a test account and Direct Booking engine test URL.
The PMS Partner conducts reservation tests with and without credit card details to verify tokenization is applied correctly.
Upon successful certification, the pilot hotel/hotel group can begin live operations.
Onboarding Additional Properties
Each new hotel or hotel group requires a signed agreement with SiteMinder before activation (see Prerequisites above).
Last updated
Was this helpful?