A modern PCI infrastructure

PCI Proxy is a solid, yet flexible PCI infrastructure allowing you to
craft lean and PCI-compliant reservation and payment flows.

Support of all major card brands with secure storage vaults in Switzerland.

Your browser does not support SVG

A suite of modern tokenization APIs

PCI Proxy's APIs ensure your systems never touch sensitive card data.


Seamlessly capture sensitive card data on Websites and mobile Apps 

PCI Proxy's Tokenization APIs allow fast and seamless capturing of sensitive card data built with customization and ease-of-use at its core — whether you're a seasoned developer or just starting out, you'll be able to capture sensitive card data within minutes. 

  • Mockup
    Pull reservation data from by adding 4 simple lines of code:
    curl \
    -H "Content-Type: text/xml" \
    -H "X-CC-SIGN: 30916165706580013" \
    -H "X-CC-MERCHANT-ID: 1000011011" \
    -H "X-CC-URL:" \
    -d '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
    Usage: Copy curl request and run in your Terminal. You will receive a mocked response with reservation data and tokenized card data.
  • Tripadvisor Mockup
    Push reservation data from Tripadvisor to a preconfigured PCI Proxy PUSH URL:
    curl \
    -H "Content-Type: application/json" \
    -d '{
        "truncated":".. for better visability",
            "cardholder_name":"Paul Revere",
    Usage: Copy curl request and run in your Terminal to simulate a request sent from Tripadvisor.
  • Create card token Sample
    Create a card token - the details of the credit card are stored within our vault:
    curl '' \
     -H POST \
     -H 'CONTENT-TYPE: text/xml' \
     -d '<?xml version="1.0" encoding="UTF-8"?>
    <aliasCCService version="1">
       <body merchantId="1000011011">
    Usage: Copy curl request and run in your Terminal. As a response you receive tokenized card data.

Tokenize credit cards on web services

PCI Proxy automatically filters and tokenizes card data on-the-fly on incoming HTTPS traffic - e.g. reservation data from channels like, Expedia or Tripadvisor, and many more.

Lightweight integration

Add PCI Proxy to web service requests/responses in minutes. Once added, it will automatically scan incoming requests for card data. Located card data will be replaced with a token while the rest of the body and header data is left untouched. 

Fully-developed proxy

PCI Proxy supports PUSH/PULL communication and consumes everything you'll ever send over https (XML, JSON, SOAP, QueryString, etc.). Keep your existing API endpoints ( with our Whitelabel option and still enjoy PCI SAQ A. PCI Proxy also supports connections via VPN and automatic SFTP batch conversion.

Your browser does not support SVG

Universal Token Vault

One single token format that is payment gateway agnostic - distribute payment data freely among your partner API endpoints and gateways to prevent vendor lock-ins.

Your browser does not support SVG

Supercharged with flexible payment distribution

Store cards once, distribute nearly everywhere.

  • Distribute to partner API endpoints
  • Charge against 30+ merchant acquirer
  • Transact with payment gateways
  • Distribute to partner API endpoint

    Distribute payment data to any PCI-compliant third party, e.g. Expedia, Amadeus, Sabre, etc.

    Simple, powerful payment forwarding

    Prepare any type of request (e.g. OpenTravel Schema), add 4 simple lines of code (1,3,4,5) and include a PCI Proxy token (10). It routes the request through PCI Proxy to automatically populate the request with full card data and forward it to its destination (5)

    curl '' \
     -H 'Content-Type: text/xml' \
     -H "X-CC-SIGN: 30916165706580013" \
     -H "X-CC-MERCHANT-ID: 1000011011" \
     -H 'X-CC-URL:' \
     -d '<?xml version="1.0" encoding="UTF-8" ?>
    <OTA_HotelResNotifRQ xmlns="">
        <PaymentCard CardNumber="424242SKMPRI4242" ExpireDate="1218" SeriesCode="123">
          <CardHolderName>John Smith</CardHolderName>
    Usage: Copy curl request and run in your Terminal. Your partner API endpoint (5) receives detokenized card data.
  • One API to multiple acquirer

    Connect to our API once and access over 30+ merchant acquirer, e.g. Concardis, SIX, Chase, etc.

    Perfect for platforms and service provider

    Your customers can keep their current acquirer without you writing extra code. Charge or manage a card in a single, unified API call.  

    No vendor lock-ins

    The payment is processed against your customized merchant account (5). Changing acquirer is now only a matter of configuration.

    curl "" \
    -H "Content-Type: application/xml" \
    -d '<?xml version="1.0" encoding="UTF-8" ?>
          <authorizationService version="2">
            <body merchantId="1100005007">
              <transaction refno="123abc">
    Usage: Copy curl request and run in your Terminal to charge token 424242SKMPRI4242.
  • Connect to multiple payment gateways

    Transact or store payment data with any payment gateway, e.g. Stripe,, PayPal, etc.

    Simple, powerful payment forwarding

    For instance, add 4 simple lines of code (1,3,4,5) to Stripe's original create card token request and charge the card through your Stripe account.  

    curl \
     -H "POST" \
     -H 'X-CC-MERCHANT-ID: 1000011011' \
     -H 'X-CC-SIGN: 30916165706580013' \
     -H 'X-CC-URL:' \
     -u sk_test_BQokikJOvBiI2HlWgH4olfQ2: \
     -d 'card[number]=424242SKMPRI4242' \
     -d 'card[exp_month]=12' \
     -d 'card[exp_year]=2018' \
    Usage: Copy curl request and run in your Terminal to create card token at Stripe for token 424242SKMPRI4242.

See single credit cards - PCI-compliant

Our purpose-built Show API allows authorized users to see full stored cards. A manual de-tokenizer iframe gives authorized users the opportunity to retrieve single credit cards in a PCI-compliant way.

Show API comes with language support, event listeners and customization options. 

Play safe and reduce fraud

Stored cards are often used to guarantee a service — PCI Proxy allows you to instantly verify at any time if a stored credit card is still valid with the Credit Card Checks add-on.

With a single API call, you can check the validity of a stored credit card. If successful, you can start from the premise that the credit card is valid. If not, just contact your customer and ask for clarification.

Verfiy credit card validity

Check if a stored card is still valid and can be used to charge a card or guarantee a service.

Instant access

With PCI Proxy's credit card check add-on you don't need an acquiring contract to be able to verify cards.

Reliable and without statement notice

CCC checks against Visa and Mastercard card network without showing up on a customer bank statement.

Frequently Asked Questions

What PCI Level do I possess with PCI Proxy?

Your PCI scope is the lowest possible, allowing you to fill out the easiest Self Assessment Questionnaire A. However, you are entitled to show our PCI DSS Level 1 certificate (Attestation of Compliance) to your partners.

How does the token format look like?

We support different token formats to keep your system changes as low as possible. Our most used token format is 4242 42AB CDEF 4242 which contains the first 6 and last 4 digits of the actual card number and keeps the length of the credit card number.

I'm PCI certified - Can I still use your storage vault?

Yes, if you are PCI certified and just want to store your sensitive card data in our secure vaults in Switzerland, you can connect via our XML Alias Gateway API to tokenize on-the-fly.

I want to do a PCI audit - How can PCI Proxy help?

If you are planning to certify yourself by a PCI auditor, PCI Proxy can provide the PCI infrastructure to you. Talk to us for details.

or check out our customer stories