The new version of Payment Service Directive (PSD2) about Strong Customer Authentication (SCA) comes in September 14th, 2019. However, last weeks, a lot of European countries put back the deadline. UK grants six months more and France around three years more! It doesn’t mean that online payment safety is not a priority issue to reduce bank fraud, it just means we have more time to be ready. Be aware! that your concern about this directive depends on your country…
For hoteliers, tracking reception of payments is a headache. How to verify and identify a high-risk credit card received from your booker? How to protect your hotel and ensure payments? We combine in this article all you need to know to get a clear picture of payment safety & PSD2. After reading it, you will be able to learn more about how to start a more secured payments processing for your hotel and your business.
PSD2, SCA, 3DS2… what does it mean?
The revised Payment Service Directive 2 attracts a lot of attention the latest months! We read a lot of related terms everywhere as PSD2, SCA, 3DS2… But what does it mean?
PSD2 : Payment Service Directive, 2nd version
The First Payment Service Directive (PSD) is an European directive about payment. First version was launched 10 years ago. Its little sister, PSD2, was voted in January 2018 and rolled out gradually.
SCA : Strong Customer Authentication
SCA is an European regulation included in PSD2: It will be imperative to make a double verification before paying online. It means that two factors of the following three factors are required to complete a transaction. The three factors chosen by European Union are:
- Ownership: Something the cardholder has (as smartphone)
- Knowledge: Something the cardholder knows (as password)
- Inherence: Something the cardholder is (as fingerprint)
3DS2 : 3D Secure, 2nd version
The 3D Secure system exists since many years to ensure online payment. A Buyer receives, on his smartphone, a code that is available 10 minutes to authenticate his purchase. 3D includes only one factor, it will evolve soon to 3DS2 to integrate at least a second factor.
What’ New in September 14th, 2019?
Nothing to worry about… Almost all European countries confirmed a transition period between 6 months to 3 years. You have time to think about it… Nonetheless, September 14th will stay an important date in Europe for the online payment. The importance of this date is different from a country to another: Spain maintains PSD2 for 14th September, however a lot of countries postponed this date such as United Kingdom, France, Belgium, Austria, Germany, Malta, etc… 3D Secure will stay the norm a little more for them.
European rules are clear: Only nationality of banks matters (cardholder’s bank and hotel’s bank). If the two banks are based in countries with SCA directive, the transaction must be confirmed by two or more factors (knowledge, ownership, inherence) and not only with a static password. However, if one of the two banks is outside PSD2 area, the strong customer authentication is not necessary. Not all of our readers are concerned by this new directive, it depends on your country and even then… on the nationality of your clients.
What do I need to know for my hotel?
With the upcoming PSD2, no payment could be completed without a notification and acceptation by the cardholder. The goal of PSD2 is to decrease bank fraud and to protect consumers. Every hotel which collects payments is concerned. If you take advance deposits or online pre-payments, you are also concerned!
Debiting card for “No Show” will be more difficult because client could reject it easily. Read our advice to manage No Show with PSD2 at the end of this article.
With PSD2, only two types of payment would not need strong authentication:
- Payment with code PIN
- Payment in an electronic payment terminal with MOTO mode (Mail Order and Telephone Order)
This second option can be a solution to help your client by phone or email if he meets difficulty to confirm his booking online.
Transaction under 30 euros and no more than 5 payments in a row or a total amount of 100 euros, as well as regular payments would not need strong authentication.
What is the impact of this new directive for my hotel?
Firstly, banks and payment partners are concerned by PSD2. As a hotelier, you might need to consider changing your way of work in order to stop processing unsecured payments as they can be rejected easily (ex. Distance selling). Moreover, you might be able to control your partners and insure that they are compliant, ex. Misterbooking bank partners: E-transactions, Monetico, Mercanet, Paybox, Systempay, … and Receptio, our new partner for secure card data and integrate payments.
The challenge for your hotel is to maintain a balance between payment safety and client experience. The Strong Customer Authentication (SCA) adds a step, in the guest booking experience. This additional step doesn’t have to deter your clients finalizing their booking or calling you in case of difficulties. Moreover, this new and stringent rule should not cause a lost of money as you still can collect payment using the card left as guarantee.
Our first advice is to take time to think about the following: At the beginning of this new European directive, think how to change your payment and booking terms. As we discussed earlier in this article, no transaction will be completed without the full consent of the cardholder. A “No show client” can reject your attempt to collect money after his booking date of stay because he doesn’t recognize your name or because of bad faith. With the new payment directives, it will be your responsibility to proof your right to be paid and no more the client charge to proof it’s right to be refunded, as it is the case today. Our advice is to think, before your country applies this law, about the best way to protect your hotel. For example, take a systematic deposit upon reservation.
Another advice is to inform your clients that you will be able to help them by phone or by e-mail at every step of their reservation process. Use reassuring messages in your booking forms for example. Call them and make them feel safe, it will be your biggest advantage. And, above all, be honest! Discuss with your clients about this new European directive which make their confirmation harder if they need explanation. Do not hesitate to help them to use another way to book or pay in case of difficulty.
If you need more information or advice, contact our experts at firstname.lastname@example.org.