Card Authorizations

A card authorization is the client giving you permission to use their card to pay a supplier. The form encrypts the card details and stores them as a token, which you can reveal to run through your supplier (cruise line, hotel, tour operator, etc.) when you submit the booking. JourneyFuse does not run the actual card charge — the supplier does that on their end.

Creating a Card Authorization

From a trip's payment section, create a new card authorization by specifying:

• Traveler — which traveler this card auth is for
• Amount and currency — the authorization amount
• Access duration — how long the authorization is valid (default: 30 days)

This generates a unique, shareable link.

Sending the Link to Your Client

Share the card authorization link with your traveler. They'll see a secure form asking for:

• Cardholder name
• Billing address
• Card details (number, expiration, CVC)
• An authorization agreement checkbox

All card data is encrypted by Evervault before it leaves the browser — your agency never sees or stores raw card numbers.

Once the traveler submits:

1. The card details are encrypted and stored as a token tied to the authorization
2. A payment record is created on the invoice, marked paid for tracking purposes
3. The invoice status updates to paid (or partially paid for split payments)
4. You receive an email confirming the authorization with the amount, cardholder name, and last 4 digits

At this point the card is ready to use. To actually run the card, open the authorization and click Reveal Card to see the full number, expiry, and CVV — then enter those into your supplier's booking system. The client's card will only be charged when the supplier processes it.

You don't need to do anything for the happy path — the authorization stays valid for the access duration you set and the card details remain available to reveal whenever you submit the booking.

Card Authorization Statuses

Status	What it means
Pending	Created but the traveler hasn't submitted yet
Authorized	Card details collected and ready to use with your supplier
Charged	You have marked the authorization as processed by the supplier
Declined	The supplier declined the card when you ran it
Expired	Authorization window has passed
Revoked	You manually cancelled the authorization

Processing the Card

When the client submits the form, the authorization moves to Authorized. JourneyFuse also creates a payment record on the invoice for tracking, so the invoice reflects that the client has provided payment. The card itself has not been charged at this point.

When you run the card through your supplier's booking system and the charge goes through, click Mark as Charged to update the status. If the supplier declines the card, click Mark as Declined so the invoice can be re-collected.

The system will not double-create payment records on the invoice when you mark as charged, so it's safe to click after the supplier has processed the card.

Revoking an Authorization

You can revoke any pending or authorized card auth at any time. This immediately destroys the encrypted card data and prevents future charges.

Security & Compliance

• Card data is encrypted client-side by Evervault (PCI DSS Level 1 compliant)
• Encrypted data is automatically destroyed after the authorization expires
• Your agency never has access to plaintext card numbers
• All actions (authorization, charging, destruction) are logged for audit