Imagine a key that can open any door in a hotel, but doesn’t reveal which room it belongs to unless it’s matched with the right lock. This is the essence of tokenization in the world of payments, and Su Token is the secure, digital equivalent of that master key.
For Property Management System (PMS) partners and hoteliers, Su Token provides a credible solution to manage sensitive payment data while ensuring compliance and security – a critical need in today’s data-driven hospitality industry.
Why Su Token Matters
For PMS partners that aren’t PCI compliant, securely managing payment information can be a major challenge. Su Token addresses this hurdle by removing the need for direct PCI certification while ensuring credit card (CC) information is handled safely.
- Simplified Compliance: Navigating the 12 stages of PCI certification – covering everything from network security to encryption and malware protection – can be overwhelming. Su Token takes this burden off properties by securely managing sensitive data for them.
- Cost Efficiency: Properties processing more than $1 million annually are required to meet PCI standards, which can be costly and complex. Su Token offers a comprehensive alternative through tokenization and secure storage, making compliance more achievable, especially for small to mid-sized businesses.
Su Token Workflow: How It Works
1) Booking Received
A guest books via OTA/MBS, and their credit card (CC) details are captured.
2) Secure Storage
CC details are encrypted in a Secure Vault, with CVV stored separately. Booking info (name, dates, amount) is also recorded.
3) Property Check
The system verifies if the property is set up for Su Tokenization before proceeding.
4) Tokenization & Payment
If enabled, CC details are sent to the Payment Gateway (PG) for tokenization or direct charging.
5) Token Returned & Booking Updated
PG sends back a Token ID + Transaction ID, which replaces CC details in the Booking JSON before being sent to the Property PMS.
6) Using Su Token for Payments
The token allows secure offline transactions via API or the PG back-office, ensuring PCI compliance and smoother payment processing.
1) Data Ingestion from Multiple Channels
When a booking is received – whether it’s from an OTA, a booking engine, or a central reservation system – this reservation includes the guest’s credit card details. Normally, these details would pose a security risk if stored or processed directly. Su Token addresses this by capturing the card data and sending it into a secure vault where it is heavily encrypted and out of reach for unauthorized parties.
2) Token Creation and Storage
Once the secure vault receives the card data, Su Token’s infrastructure generates a unique token. This token does not reveal any sensitive information. Instead, it simply represents the original card data. From this point onward, any interactions related to the booking – such as modifications, cancellations, or updates to the guest’s payment details – rely on the token instead of the raw card number.
3) Integration with the Payment Gateway
Su Token can interact smoothly with various Payment Gateways (PG). If charges are required immediately or at a later stage, Su Token can facilitate sending the tokenized card information to the PG for processing. The Payment Gateway, having a secure link to the card vault, can then process authorizations, charges, or refunds without ever exposing sensitive card details to non-secure systems.
4) Enhanced Security via PCI Compliance
With Su Token, PCI compliance efforts are significantly take care of. By reducing exposure to raw cardholder data, businesses simplify their PCI DSS scope. The secure vaulting infrastructure ensures that even if non-secure systems are compromised, the attacker cannot retrieve the cardholder data because it never appears outside the protected environment.
Key Features & Benefits
1) Universal PG Integration
- Supports multiple properties under a single PG account or individual accounts per property.
- Compatible with leading PGs like Stripe, Shift4, and PayAdvantage.
2) Secure Vault & Tokenization
- CC data is encrypted and stored in a secure vault, accessible only via authenticated APIs.
- Tokens enable repeated use for various transactions, minimizing the exposure of raw data.
3) Booking Engine Compatibility
- Smoothly integrates with Su’s MyBookingSite to support direct bookings.
- Configurable PG settings allow flexible payment options, such as fixed amounts, percentages, or first-night charges.
4) Real-Time Insights
- A dedicated extranet offers transaction details, token IDs, and reporting tools for overall management.
How Su Token Supports Your Operations
1) For Partners Without PCI Compliance
Su Token manages all stages of CC handling – from encryption to tokenization – ensuring secure transactions without requiring PCI certification.
2) For Properties Handling Diverse Bookings
Whether handling online or offline bookings, Su Token provides flexibility and security for any transaction type.
3) For Multi-Property Groups
A single PG account can handle payments across multiple properties, simplifying management and reducing costs.
Technical Highlights
1) Advanced Encryption
CC details are encrypted to ensure they remain inaccessible to unauthorized users.
2) Layered Security
Combines firewalls, anti-virus, and anti-malware for comprehensive protection.
3) Customizable API Access
Enables seamless integration of Su Token into existing systems, ensuring flexibility and scalability.
Example – Use Case: Connecting Su Token to Your PMS
Step 1: Tokenization
When a guest books a room, their CC information is captured and encrypted in Su Token’s secure vault. A unique token replaces the actual card data.
Step 2: PMS Integration
The token and booking details are forwarded to the PMS through a secure API connection. The PMS uses the token for payment processing or retrieving masked CC data when needed.
Step 3: Payment Processing
Tokens can be used for check-in, check-out, or incidental charges without ever exposing sensitive card details.
Takeaway
Su Token is more than a payment solution; it’s a comprehensive platform designed to address the unique needs of PMS partners and properties. Whether managing online bookings, offline reservations, or group operations, Su Token ensures secure, efficient, and scalable payment workflows.
For more information or to get started with Su Tokens, visit Su Tokens or contact sales@su-api.com.
