If you are onsite bookable on holidu, it is possible for us to send you credit card information from the customer directly in the booking notification. Holidu itself is not PCI compliant, but we are working closely with a payment provider and are able to send you the credit card information through a PCI proxy.
| Info |
|---|
Requirements In order to receive the credit card informations from customers you need to proof that your endpoint is PCI compliant. Only if you send us an AOC (Attestation of compliance) and either a letter of Acknowledgment or an extract of the terms and conditions which proves the PCI DSS compliance of your endpoint, we can add you as receiver. Download Letter of Acknowledgement |
Booking notification with Credit Card information
The booking notification with the credit card information is similar to the current booking notification, it just holds the additional creditCardData object.
| Warning |
|---|
Please note: You are not allowed to charge more money to the customer than written in the booking notification, since the customer books under those conditions. In case the price written in the booking notification does not match the price in your system, please reject the booking immediately. |
CreditCardData object
| Field | Type | Required | Content |
|---|---|---|---|
| creditCardNumber | string | true | The credit card number. |
| cvv | int | true | The cvv code of the credit card |
| ccType | string | true | The brand of the credit card |
| cardHolderName | string | true | The name of the card holder |
cardExpiryDate | date | true | The expire date of the credit card (MM-YYYY) |
Credit Card Object within the booking notification
| Code Block | ||
|---|---|---|
| ||
{
"bookingId": "eacf97a4-cba2-4db1-8c02-d69306fc369f",
"externalId": "PROVIDER-623730",
"arrival": "2018-12-07",
"departure": "2018-12-10",
...
...
"paymentMethod": "CREDIT_CARD",
...
...
"creditCardData": {
"ccNumber": "4242424242424242",
"cvv": "422",
"ccType": "VISA",
"cardHolderName": "Test Card",
"cardExpiryDate": "08-2022"
},
"brand":"HOLIDU"
} |
Implementation of the PCI proxy
Since holidu Holidu is not pci compliantPCI compliant via a partnership with Datatrans. From a very high level, we need to send all the booking notifications containing credit card data through a pci PCI proxy which adds the credit card data to the notification, before sending them over to you.
| Warning |
|---|
If you use IP whitelisting you need to add 193.16.220.0-255 to the list, since these are IP addresses are used by our PCI proxy. |
You are still fully responsible for handling the payment with the customer and also the response to the booking needs to be the same. You need to be able to immediately give a response if the booking is either CONFIRMED or FAILED, no other status (e.g. Pending) is possible.
Data flow
| Drawio | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|