Credit Card Tokens

It is usual business practise that under the appropriate conditions customers provide credit card data with the understanding that those details may be reused to:

  • Secure a service for a later date
  • Process a subsequent payment or refund
  • Some other agreed reason

Through collaborations with a number of online payment gateway providers around the world RMS can provide access to a guests card data while remaining out of scope of PCI compliance requirements. This process is called tokenisation.

How it works

Credit card details are collected in three main ways:

  • When a guest enters the details into the payment section of the online booking system
  • When an operator collects them during a telephone call, or,
  • When the guest presents a credit card at the reception desk


A token is simply a string of data that acts like a receipt of the credit card data. It is completely innocuous and can only be used by you via the gateway. With the token you can process subsequent payments and receipts directly in the RMS account receipt screens.

Online Booking Deposits

If you opt to collect a deposit at the time the booking is made the guest will be prompted to enter their credit card details. The form in which they enter the details is hosted by the payment gateway. The guest doesn’t leave the booking site, the details do not enter RMS and only the gateway sees them. The gateway then authorises that the card is valid and if successful processes the payment.

Once the payment is processed the gateway drops a token into RMS against the guest.

Mail Order, Telephone Order Payments (MOTO)

Credit card details can be collected over the phone for the purpose of collecting a deposit or simply to secure a reservation by first creating a token. A token can be created against a guest in a reservation by using the “Create Token” feature. When this feature is activated a form which is hosted by the payment gateway appears into which the details can be entered. The details are not entered into RMS. The gateway authorises the validity of the card and if successful creates a token against the guest.

Card Present Transactions (In Store)

A token can be created against a guest similar to the process for MOTO with the added benefit of using a magnetic card reader to simplify and expedite the process. Only card reading devices that do not compromise your PCI compliant status should be used for this purpose.