Card Authorizations

Last updated June 30, 2026

Card Authorizations

A card authorization is the client giving you permission to use their card to pay a supplier. The form encrypts the card details and stores them as a token, which you can reveal to run through your supplier (cruise line, hotel, tour operator, etc.) when you submit the booking. JourneyFuse does not run the actual card charge — the supplier does that on their end.

Finding Your Card Authorizations

All card authorizations across your trips live under Invoices & Cards → Card Authorizations in the sidebar. The list is grouped by status:

  • Active — collected and ready to use
  • Pending — sent but the traveler hasn't submitted yet
  • Expired & Revoked — collapsed by default; click to expand

Use the search bar to find an authorization by client, trip, or the card's last four digits.

Creating a Card Authorization

There are two ways to start a new authorization:

  • From the Card Authorizations page — click Request Card Authorization, pick the trip (the client is filled in automatically), then complete the details.
  • From a trip — open the trip's payment section and create one there.

Either way, specify:

  • Traveler — which traveler this card auth is for
  • Amount and currency — the authorization amount
  • Access duration — how long the authorization is valid (default: 30 days)

This generates a unique, shareable link.

Sending the Link to Your Client

Share the card authorization link with your traveler. They'll see a secure form asking for:

  • Cardholder name
  • Billing address
  • Card details (number, expiration, CVC)
  • An authorization agreement checkbox

All card data is encrypted by Evervault before it leaves the browser — your agency never sees or stores raw card numbers.

Once the traveler submits:

  1. The card details are encrypted and stored as a token tied to the authorization
  2. A payment record is created on the invoice, marked paid for tracking purposes
  3. The invoice status updates to paid (or partially paid for split payments)
  4. You receive an email confirming the authorization with the amount, cardholder name, and last 4 digits

At this point the card is ready to use. To actually run the card, open the authorization and click Reveal Card to see the full number, expiry, and CVV — then enter those into your supplier's booking system. The client's card will only be charged when the supplier processes it.

You don't need to do anything for the happy path — the authorization stays valid for the access duration you set and the card details remain available to reveal whenever you submit the booking.

Card Authorization Statuses

StatusWhat it means
PendingCreated but the traveler hasn't submitted yet
AuthorizedCard details collected and ready to use with your supplier
ChargedYou have marked the authorization as processed by the supplier
DeclinedThe supplier declined the card when you ran it
ExpiredAuthorization window has passed
RevokedYou manually cancelled the authorization

Processing the Card

When the client submits the form, the authorization moves to Authorized. JourneyFuse also creates a payment record on the invoice for tracking, so the invoice reflects that the client has provided payment. The card itself has not been charged at this point.

When you run the card through your supplier's booking system and the charge goes through, click Mark as Charged to update the status. If the supplier declines the card, click Mark as Declined so the invoice can be re-collected.

The system will not double-create payment records on the invoice when you mark as charged, so it's safe to click after the supplier has processed the card.

Revoking an Authorization

You can revoke any pending or authorized card auth at any time. This immediately destroys the encrypted card data and prevents future charges.

Security & Compliance

  • Card data is encrypted client-side by Evervault (PCI DSS Level 1 compliant)
  • Encrypted data is automatically destroyed after the authorization expires
  • Your agency never has access to plaintext card numbers
  • All actions (authorization, charging, destruction) are logged for audit

The Client's Authorization Experience

When a client opens their authorization link, here is the exact flow they go through:

  1. They land on a secure authorization page hosted by JourneyFuse
  2. They enter their card details (cardholder name, billing address, card number, expiration, CVC) — all data is encrypted in the browser by Evervault before it ever leaves their device
  3. They read the authorization agreement (displayed just above the submit button) and check the agreement checkbox
  4. They type their full name as an electronic signature
  5. They click Authorize to submit

The card is never transmitted in plaintext. Neither JourneyFuse nor your agency ever sees or stores the raw card number.

Authorization Language and What Clients Agree To

The authorization agreement your client signs covers two things:

  1. Payment authority — the client authorizes your agency to use their card to make payments with travel suppliers on their behalf
  2. Terms and conditions — the client acknowledges they have read and agree to your agency's terms and conditions of booking, as well as the principal suppliers' terms, cancellation policies, and refund policies

When you have a Terms & Conditions URL configured (see below), a direct link to your agency's terms appears inside the agreement text, right where the client reads it before signing. This is critical for chargeback defense: card networks specifically look for evidence that the cardholder agreed to the cancellation and refund policy at the time of booking.

Setting Your Terms & Conditions URL

Go to Settings → Agency → Terms & Conditions and paste the URL to your agency's terms and conditions page.

Once set, your T&C link appears directly in the authorization agreement text. Clients see it, click through to read it, and agree to it as part of authorizing their card. This single step materially strengthens your position if a chargeback is ever filed — the signed authorization becomes evidence that the cardholder agreed to your cancellation and refund policy before any payment was processed.

If you don't have a Terms & Conditions page yet, consider creating a simple one on your agency website covering your booking terms, deposit conditions, and cancellation/refund policy. Even a one-page PDF hosted publicly works.

Chargeback Evidence: What Is Captured and Where to Find It

Every card authorization captures a permanent audit trail at the moment the client submits:

EvidenceWhat is recorded
Signer nameThe full name the client typed as their electronic signature
Date and timeThe exact timestamp of submission
IP addressThe IP address the authorization was submitted from
Authorization statementThe exact text of the agreement the client agreed to, preserved as it appeared at submission

This audit trail is immutable — it cannot be altered after the fact.

To access the evidence for a specific authorization:

  1. Go to Invoices & Cards → Card Authorizations
  2. Find the authorization and open it
  3. The authorization detail shows the signer name, date/time, IP, and the agreed statement
  4. You can download or print a receipt showing the full audit trail — this is what you submit to your card processor when responding to a chargeback

When a chargeback is filed, you present this receipt as evidence that the cardholder explicitly authorized the charge, agreed to your cancellation and refund policy, and signed electronically with their name, date, and IP address recorded.