Bookeasy’s payment gateway integration of the PxPost API utilises a "Token Billing" method.
This provides Bookeasy the flexibility that allows a destination partner to charge a traveller’s credit card regularly, without requiring Bookeasy to either store sensitive card data securely, or the need for destination partners to obtain credit card details every time a new payment is requested.
The most common scenario where this flexibility is required, is the event additional product is added to a traveller’s existing itinerary whereby additional payment is required.
This functionality is implemented by requesting payment express to first capture and store a traveller’s credit card details, and to link these stored details to a 32 character "token". This "token" contains a reference that is unique to the merchant's customer that will be associated with the credit card information stored securely at Payment Express.
As a result, when there are additional payment requests to the card, Bookeasy will not need to supply the card number or expiry date, only the token originally associated to the card when the first payment was processed.
In order to make a payment in Bookeasy, or via a Bookeasy destination partner’s beGadgets for online bookings, when credit card details are entered the following process occurs in just a few seconds:
- Bookeasy securely sends the traveller’s credit card information to Payment Express, whereby Payment Express save and store the traveller’s credit card information.
- Along with the traveller’s credit card information, a $1.00 validation authorisation (Validate) is also sent to Payment Express. This will determine if the card is valid, is not on any hot or stolen card lists, and that it has the correct expiry date.
This validation request does not physically charge the traveller, and is not recorded in the Bookeasy Staff Console when viewing payments for a traveller’s itinerary.
- This validation does, however, get recorded in Payment Express’s "Payline" system, where it will be listed in the transaction search as a payment type of "Auth" for $1.00.
- Payment Express will then send an appropriate response to Bookeasy, in essence either accepting the validation request or rejecting it.
- If accepted, Payment Express will supply Bookeasy with the token associated with the credit card supplied.
If rejected, Payment Express will supply the appropriate response message, depending on the reason for rejection.
- If validation was accepted, then using the supplied token Bookeasy will save and process the booking. This includes the processing of payment for the booking, whereby the booking’s payment value is subsequently sent to Payment Express using the supplied token (i.e. at this point Bookeasy does not have, save, need or use the traveller’s credit card details).
- Upon successful payment, Bookeasy records the payment on the traveller’s itinerary, and if required updates the itinerary’s status inclusive of any applicable guest and operator emails.
- Payment Express also records the payment in "Payline". This is listed as a "Prch" (Purchase) transaction type, and includes both the payment value and Merchant Reference number (the Merchant Reference number is the Bookeasy itinerary number).