Online Travel Agencies (OTAs) such as Booking.com, Expedia, etc. provide a web-based application programming interface (API) through which Property Managers, Channel Managers, hotels, and other hospitality services such as rental car companies retrieve booking information.
The retrieved booking information frequently contains credit card account numbers.
Comply with the Payment Card Industry Data Security Standard (PCI-DSS) requirements by removing the credit card account number from the Channel Manager’s data flow.
Auric's PCI compliant Proxy4PCI option transparently tokenizes credit card data received from online travel agencies (OTAs).
- Auric’s Proxy4PCI option transparently tokenizes OTA transactions.
- Credit card information is removed from the Property and Channel Manager’s data flow.
- Removing credit cards from the data flow reduces the PCI compliance scope.
The Proxy4PCI option's tokenized data flow.
- The Channel Manager (or Hotel) sends an Online Travel Agency request to the Auric Proxy4PCI option looking for customer reservations.
- The proxy service forwards that request to the Online Travel Agency.
- The Online Travel Agency responds with booking information.
- The proxy service scans the response and sends all the plaintext credit card account numbers to the AuricVault® service.
- The AuricVault® service securely stores the credit card account number and returns an AuricVault® token to the Proxy4PCI option.
- TheProxy4PCI option replaces the credit card account number with the token, then returns the tokenized response to the Channel Manager.
- The tokenized data is retrieved by an individual hotel, B&B, lodging facility, or car rental agency.
- The hotel sends the token to the AuricVault® service and,
- receives back the original (detokenized) credit card account number.
- Removing the credit card account numbers from the OTA response reduces Channel Managers PCI footprint.
- Hotels, management services, and other hospitality vendors can use other Auric services to:
- retrieve or process the credit card number securely within their facility.
- pass the credit card number to client lodging facilities via an embedded iFrame.
- convert the AuricVault® token to a specific payment processor's token using the Token Swap option.
- process payments with the Payments Passthrough option.
NOTE: The Proxy4PCI option is in closed Beta. Please contact sales@AuricSystems.com to request access.
- Data Separation
- Proxy4PCI option