Credit Card Payment Through PCI
Make the payment easier
Requirements
In order to receive the credit card informations from customers you need to prove that your endpoint is PCI compliant. Only if you send us an AOC (Attestation of compliance) and either a letter of Acknowledgment or an extract of the terms and conditions which proves the PCI DSS compliance of your endpoint, we can add you as receiver as soon as the certifcation proccess is done.
Booking notification with Credit Card information
The booking notification with the credit card information is similar to the booking notification explained here, it just holds the additional creditCardData object.
| Parameter | Type | Required | Usage |
|---|---|---|---|
| credtiCardData | Object | Yes | |
| creditCardData.ccNumber | String | Yes | |
| creditCardData.cvv | String | Yes | |
| creditCardData.ccType | String | Yes | MasterCard, VISA |
| creditCardData.cardHolderName | String | Yes | |
| creditCardData.cardExpiryDate | String | Yes | MM-YYYY |
| 3DS | Object | ||
| 3DS.eci | String | ||
| 3DS.xid | String | ||
| 3DS.cavv | String | ||
| 3DS.threeDSVersion | String | ||
| 3DS.directoryResponse | String | ||
| 3DS.authenticationResponse | String |
"creditCardData": {
"ccNumber": "4242424242424242",
"cvv": "422",
"ccType": "VISA",
"cardHolderName": "Test Card",
"cardExpiryDate": "08-2022"
}
PCI Card Payments With 3Ds
As we know that some countries don't allow transacting without 3D security, we have implemented a method to have all your transactions secured with one of the latest 3Ds versions.
The customer will be redirected to their bank authentication page from Holidu website to finish the security checks and then redirected again to our website to show the status of the booking, everything will be handled on our end and you have to only handle the 3Ds object we will send in the booking notification request.
{
"creditCardData":{
"ccNumber":"4xxxxxxxxxxxxxxxxx",
"cvv":"xxxxxxxxxxxxxx",
"ccType":"VISA",
"cardHolderName":"Test Card",
"cardExpiryDate":"xx-20xx",
"3DS":{
"eci":"xx",
"xid":"xxxxxxxxxxxxxxxxxx",
"cavv":"xxxxxxxxxxxxxxxxxx",
"threeDSVersion":"2.2.0",
"directoryResponse":"X",
"authenticationResponse":"X"
}
}
}
Implementation of the PCI proxy
Holidu is PCI compliant via a partnership with Datatrans. From a very high level, we need to send all the booking notifications containing credit card data through a PCI proxy which adds the credit card data to the notification, before sending them over to you.
️ CAUTION
If you use IP whitelisting you need to add the following IPs to your whitelist, those are IP addresses used by our PCI proxy partner.
193.16.220.0-255
91.223.186.0-255
You are still fully responsible for handling the payment with the customer and also the response to the booking needs to be the same. You need to be able to immediately give a response if the booking is either CONFIRMED or FAILED, no other status (e.g. Pending) is possible.
Data flow
️ Please note that:
You are not allowed to charge more money from the customer than written in the booking notification, since the customer books under those conditions.
In case the price written in the booking notification does not match the price in your system, please reject the booking immediately.
Updated about 2 months ago