Credit Card Tokenization
How it Works?
For a Property Management System (PMS) integrating with a reservation Pull model via a tokenization proxy,
The PMS initiates the process by sending an
OTA_ReadRQ
request to the proxy service provider.The proxy then forwards this
OTA_ReadRQ
to SiteMinder on behalf of the PMS.The proxy service provider retrieves any undelivered reservations from SiteMinder, tokenizes the credit card details (if necessary), and then sends the reservations to the PMS with tokenized payment data included.
To comply with PCI regulations, we cannot include both the CardNumber and the CVV/CVC code in the same reservation XML. Hotels can retrieve the CVV/CVC code directly from the booking source's (channel/OTA) extranet.

Before the Integration
The PMS must sign an agreement with the proxy service provider.
The Pilot hotel/hotel group must also sign an agreement with SiteMinder authorizing the use of a 3rd party proxy service provider to send reservations to the connected PMS.
Certification Process
We will provide the PMS Partner with a test account for The Channel Manager and a test URL for the Direct Booking engine to create test reservations.
The PMS partner will then conduct reservation tests, both with and without credit card details, to verify that reservations are received in their system with the appropriate tokenization applied.
Adding more properties after the Pilot
Each new hotel or hotel group must also sign an agreement with SiteMinder, authorizing the use of a third-party proxy service provider to transmit reservations to their connected PMS.
Certified Proxy Providers
At this time, we will only provide support for the certified proxy providers listed below:
PCI Proxy
Shift4 (4res)
FreedomPay (Push PMS only)
To have a new Tokenization provider certified, please contact our Ecosystem Team.
Last updated
Was this helpful?