Credit card payment through PCI proxy

Owned by Janosch Link (Deactivated)
Last updated: Mar 02, 2022
2 min read

If you are onsite bookable on holidu, it is possible for us to send you credit card information from the customer directly in the booking notification. Holidu itself is not PCI compliant, but we are working closely with a payment provider and are able to send you the credit card information through a PCI proxy. 

Requirements

In order to receive the credit card informations from customers you need to proof that your endpoint is PCI compliant. Only if you send us an AOC (Attestation of compliance) and either a letter of Acknowledgment or an extract of the terms and conditions which proves the PCI DSS compliance of your endpoint, we can add you as receiver.  Download Letter of Acknowledgement

Booking notification with Credit Card information

The booking notification with the credit card information is similar to the current booking notification, it just holds the additional creditCardData object.

Please note: You are not allowed to charge more money to the customer than written in the booking notification, since the customer books under those conditions. In case the price written in the booking notification does not match the price in your system, please reject the booking immediately. 



CreditCardData object

FieldTypeRequiredContent
creditCardNumberstringtrueThe credit card number.
cvvinttrueThe cvv code of the credit card
ccTypestringtrueThe brand of the credit card
cardHolderNamestringtrueThe name of the card holder

cardExpiryDate

datetrueThe expire date of the credit card (MM-YYYY)

Credit Card Object within the booking notification

{
 "bookingId": "eacf97a4-cba2-4db1-8c02-d69306fc369f",
 "externalId": "PROVIDER-623730",
 "arrival": "2018-12-07",
 "departure": "2018-12-10",
...
...
"paymentMethod": "CREDIT_CARD",
...
...
"creditCardData": {
    "ccNumber": "4242424242424242",
    "cvv": "422",
    "ccType": "VISA",
    "cardHolderName": "Test Card",
    "cardExpiryDate": "08-2022"
  },
"brand":"HOLIDU"
}


Implementation of the PCI proxy

Holidu is PCI compliant via a partnership with Datatrans. From a very high level, we need to send all the booking notifications containing credit card data through a PCI proxy which adds the credit card data to the notification, before sending them over to you.

If you use IP whitelisting you need to add 

193.16.220.0-255 
91.223.186.0-255

to the list, since these are IP addresses are used by our PCI proxy.

You are still fully responsible for handling the payment with the customer and also the response to the booking needs to be the same. You need to be able to immediately give a response if the booking is either CONFIRMED or FAILED, no other status (e.g. Pending) is possible.


Data flow









In case you have any questions, please contact providersupport@holidu.com