Every so often, a new piece of legislation comes along that causes headaches and restless nights for businesses. You probably remember the endless conversations and confusion about what you could or couldn’t do when GDPR was introduced a few years ago. Anyway, we’ve got some good news for you: PSD2 isn’t one of those times.
Sorry if we scared you a little. The fact is, we’ve been working on PSD2 since before the first elements of the directive came into effect in 2019. Since then, we’ve made a number of decisions that ensure it’s easier for all of our hoteliers to comply with the legislation, whilst also maintaining a great user experience for guests. Here’s everything you need to know about PSD2.
What is PSD2?
PSD2 stands for Payment Services Directive 2. Catchy, right? It’s a piece of legislation from the European Union that’s designed to make online payments more secure for customers and businesses. As well as security, its stated goal is to open up payment markets to more competition, greater choice and better prices for consumers.
The need for improved security protocols is fairly obvious. Online payment options are becoming more varied and more frequent, and the global proportion of online transactions is increasing every year. Regulators saw the need for increased security for these payments, which is where PSD2 comes in.
PSD2 requires all online payments in the EEA (European Economic Area) to have Strong Customer Authentication (SCA) that protects against fraud – there are some exceptions, which we’ll get to later. Essentially, this means that when a customer makes a transaction, they will be asked to verify the payment with an additional piece of information by using 3D Secure (3DS) authentication. This can be:
- Something owned, such as a code sent to a phone
- Something known, such as a pre-existing password or security question answer
- Something you are, such as a fingerprint or facial recognition
PSD2 exemptions
There are usually exceptions to the rules, and PSD2 is no different. In some cases, the guest won’t need to verify payments via SCA. These are:
- For transactions less than €30
- For transactions via virtual credit cards
- For ‘one-leg-out’ transactions, meaning if either the card is issued outside of the EEA, or the hotel is based outside of the EEA
- Payments sent via channel managers
- For future transactions – i.e. once the customer has verified their identity with your property once, they don’t need to do it again
PSD2 in the hospitality industry
Wait a minute, you might be thinking. Did you already tell us about PSD2, like, two years ago? Yes, we did. The first parts of the new regulation were brought into effect in September 2019, but now we have much more information about how it will specifically affect those in hospitality. The caveat here is that although PSD2 is an EEA-wide scheme, it may be implemented slightly differently per country. You should definitely check out your own government’s information to see the timeline for your business.
Many hoteliers had justified concerns when PSD2 was announced, largely because payment is often not taken during booking, but at a later date. If a customer needs to provide SCA for every step – for example during booking, check-in, and settling room extras – it will worsen the guest experience and potentially harm conversions.
As much as 75% of online payments in the EEA area will be affected by PSD2, so if you’re a European property, you can expect to be affected. And in a time where every piece of business is precious, the nightmare scenario is that customers get confused or annoyed by the new payment flow, are worried by what they see as possible scams, and abandon their stay with you.
But don’t worry. If you’re a 黑料网 customer, this isn’t going to happen.
PSD2 for 黑料网 customers
“黑料网 customers can have peace of mind when it comes to the rollout of PSD2 – we’ve been planning for it for over 2 years,” says Jirka Helmich, our Chief Product Officer. “We want the hoteliers who use 黑料网 to focus on the things they are best at, which is creating remarkable guest experiences for the people who come to their hotels.”
Reassuring words. But what do they mean in real terms? Our team has worked on optimizing the customer flow to ensure that your conversions won’t be affected, and your guests still have a smooth journey.
黑料网 initiates authentication at the moment of reservation using 黑料网 Booking Engine, regardless of whether payment is taken immediately or otherwise. This is the most frictionless point of the journey to ask for authentication, as guests are already entering personal/payment details anyway. Once the customer confirms their booking in this first instance, they won't have to provide SCA verification for any further transaction with your property. 黑料网 tokenizes and stores the card details for future payments.
Online check-in is another point in the guest journey at which we collect the guest’s payment card. If a guest checks in online and authentication hasn’t been performed yet (i.e. the booking was made through a different channel), 黑料网 will authenticate the card during online check-in.
When it comes to reservations made through channel managers, limitations in intermediary systems mean that a special interim solution has been agreed by regulators. Essentially, Visa, Mastercard and American Express created a temporary exemption for indirect sales in the hospitality sector. Firstly, it’s the responsibility of the booking agent to ensure SCA is met. Once this is done, 黑料网 can flag the transaction as MOTO (Mail Order/Telephone Order) if the booking agent can’t pass on the authentication, allowing you to process the transaction at any later point without asking the guest to verify their details again.
VCCs (virtual credit cards) issued by OTAs are also exempt, as are any in-person payments such as at check-out via front desk or self-service kiosks, which are considered as ‘card present’ payments.
If your guest forgets to pay for something in the minibar, or has to make any other post-stay payments, you can again initiate the payment without further authentication because you already have verified card details stored.
Payment security for non-EU customers
Depending on where you are in the world, you may have different online payment security rules. If you’d like to make your property’s payments even more secure, we have good news: we decided to roll out 3D Secure payments across all geographies. 3DS is the actual two-factor authentication that happens for payments, which in the case of PSD2 is used as part of SCA. But you don’t need PSD2 to use 3DS. Any 黑料网 property can enable 3DS on 黑料网 Booking Engine and 黑料网 Online Guest Services.
PSD2 takeaway
If you take away nothing else from this blog, let it be this: we’ve done everything we can to ensure that any 黑料网 customers (or future 黑料网 customers) comply with PSD2 while also maintaining a smooth experience for guests. If you have any concerns, just reach out to your account manager or customer success representative and we’ll be happy to talk.
PSD2 glossary
PSD2: Payment Services Directive 2, introduced in 2019 by the European Union to create a single, secure market for European payments.
SCA: Strong Customer Authentication, a requirement of PSD2 that ensures online payments are performed with multi-factor authentication.
3DS: 3D Secure is the authentication process that an issuing bank uses to validate a cardholder. Typical processes include a guest receiving a pin code via mobile, or presenting fingerprint verification, which then confirms the payment.
EEA: The European Economic Area, which is EU countries and Norway, Iceland and Liechtenstein, in which PSD2 applies.
MIT: A Merchant Initiated Transaction is where the merchant (the property) tries to collect the payment on the customer’s behalf in their absence, for example post-stay mini-bar charges.
VCC: Virtual Credit Cards, typically used by OTAs (online travel agencies) as a way of making more secure online purchases, often for single-use transactions.
MOTO: Mail order / telephone order channel, exempt from PSD2 regulations. Reservations made via channel managers fall into this category.
OLO: One Leg-Out transactions are exempt from PSD2 regulations, and occur when either the payment card is issued outside of the EEA, or the merchant (property) isn’t located in the EEA.

Author
Tom Brown
When Tom isn't creating outstanding marketing content for 黑料网 as Principal Copywriter, he writes fiction for himself. Either way, he only uses the best words.
