Data protection and PCI scope reduction for today’s businesses


Whatever your position in the distribution chain you must store credit card information for weeks, and sometimes months, to guarantee hotel reservations, bookings, online orders, etc. Therefore, credit card data must be retained for a relatively long duration. Using PCI Proxy Shield will not only simplify compliance, but will protect customers credit card data and protect the company brand.

PCI Shield uses all PCI Bookings applications, tools and APIs to address the specific requirements of each player in the distribution chain and their specific work-flow.


On-the-fly tokenization

The success of technology such as Tokenization in preventing the exposure of payment information, the crown jewel of any data breach, has forced cyber criminals to move towards of model of accessing and then ransoming great swathes of data previously thought as of a lower sensitivity. With PCI Booking, you can give all of your data the same level of security that payment information receives. 

Pull Tokenization request (Inbound on-the-fly HTTP Request)

Allows interception of incoming API requests, capturing card data, encrypting and storing on secure PCI Booking servers. A token is then sent to the eCommerce server with the card data masked.

Tokenization push (On-the-fly Inbound HTTP Responses)

Allows interception of returned API responses and relaying them to the API requester. Captured card data is encrypted and stored on secure PCI Booking servers and a token is sent to the eCommerce server with the card data masked.

Token Replacement – On-the-fly

Allows the distribution channel to use the card data in the API requests to third parties by providing a token. Distribution channels can use the end customer card in the API requests to third parties such as payment gateways or suppliers (hotels, car rentals, airlines) without the need to be exposed to the card data itself.

Multiple card payments with single token

The solution allows the use of a single token (card) for sending multiple destinations saving in the range of up to 90% in card processing fees. A captured (and tokenized) card can be used for real time payment to multiple parties such as any supplier associated with a booking. i.e. airlines, car rental companies, car rental firms, payment gateways etc. CVV details may be included in requests. Captured cards may also include security code data.

Card Storage

Shield Vault

Secure Card Storage

Card data can be stored for an unlimited time on PCI Booking Servers. This will provide better service to returning customers by enabling quick check-in and check-out processes.

Secure Card Storage Controls

Addition and deletion of cards in storage is controlled by the customer. This enables a flexible card retention policy.

Secure Card Storage Query

Ability to query existing card data stored on PCI Booking Servers by custom references. Allows easy listing of cards related to a specific end-customer and enables the end-customer to select an already stored card without the need to maintain sensitive data on internal systems.

Control Third Party Access to Card Data

Allow third suppliers such as hotels to use the card data already captured by the distribution channel. The same card can be used multiple times for different bookings with different suppliers.

Compliance with EU Directive

Easily and quickly comply with all EU directives regarding credit card and general data security – such as PSD2 and GDPR.


Stay in Touch

Sign up to our newsletter to stay informed about PCI compliance news, and updates regarding new PCI Booking features.