Credit Card Authorization Forms
Send a secure link that lets a remote third party authorize charges for a guest's stay — signed evidence, card on file, optional immediate charge.
Sometimes the person paying for a stay isn't the guest — a parent booking for a student, a company covering an employee's travel, or a travel agent managing a client's trip. HelloShift's Credit Card Authorization Forms let this remote cardholder authorize charges without ever visiting the property: you send a secure link, they review what they're authorizing, sign electronically, and enter their card on a secure page. HelloShift stores a signed, timestamped authorization record you can use as evidence in a chargeback dispute, keeps the card on file, and can optionally charge it immediately.
This replaces emailed or faxed paper authorization forms — no card numbers over email, and every authorization has a consistent, signed paper trail.
Availability & requirements
Card Authorization Forms are enabled per property — contact support@helloshift.com to turn them on.
Secure card entry requires Shift4 as your payment provider. On properties using other providers, the form still collects the signed authorization and consent — your team collects card details directly through your usual process.
Authorization links are valid for 7 days and can be used once. You can resend or reissue at any time.
Sending an authorization request
Open the guest's reservation page and expand the Request Card Authorization panel.

Enter the cardholder's name and email — this is the person paying, not the guest. Phone and relationship to the guest are optional.
Choose the authorization type: Card on file (no charge now) or Charge immediately with an amount.
Select which charges you're asking them to authorize — All Charges, Room Charges, Food & Beverage, Incidentals, Reservation Guarantee Only, or Other. The cardholder confirms these on the form.
Click Send authorization request. HelloShift emails the cardholder a secure link, branded with your property's name and logo.
If the email doesn't reach the cardholder, open the authorization from the panel (or the Authorizations page) and copy the link directly — you can text or resend it however works best.
What the cardholder sees
The link opens a single-page, mobile-friendly form showing your property's branding, whose stay they're paying for, and exactly what they're authorizing:

Guest & cardholder — who's staying and who's paying, side by side.
Charges to authorize — the categories you selected, which they can review and adjust.
Acknowledgment & signature — they certify they're the authorized cardholder and sign by drawing or typing.
Card details — entered in a secure, encrypted card field. Card numbers never touch HelloShift's servers; we store only the masked card and a reusable payment token.
After submitting, the cardholder sees a confirmation with a reference number and receives an emailed receipt listing what they authorized.

Authorization statuses
Reviewing authorizations
Find all authorizations under Guest → Authorizations in the sidebar. Filter by status, resend pending links, and open any authorization to view its full record. When a cardholder submits, HelloShift also posts a note to the guest's conversation so the front desk sees it in context.

The signed evidence record
Every submitted authorization stores a dispute-ready record:

Cardholder identity and relationship to the guest
The exact charge categories they authorized
Masked card number and card brand — never the full number or security code
Address and security-code verification result codes from the card network
The signature, submission timestamp, IP address, and device
Card-not-present charges from a third party are among the highest chargeback-risk transactions a hotel runs. If a charge is disputed, open the authorization and print the evidence record from your browser to submit with your dispute response.
FAQ
Does the guest get notified?
No. The cardholder is your correspondent for this transaction — the guest's stay is unaffected.
Can I charge the card later?
The card is stored with your payment provider. Run later charges through your Shift4 tools; in-app follow-up charges and refunds are on the roadmap.
What if the cardholder's email was entered wrong?
Open the authorization and use the copyable link, or send a new request with the corrected email.
Is this PCI compliant?
Yes — card details are entered in your payment provider's hosted, encrypted field. HelloShift stores only the masked card, a payment token, and verification result codes.