Secure and PSD2 Compliant Payment Collection

You might have heard of Strong Customer Authentication (SCA), a new rule coming into effect on September 14, 2019 in Europe as part of PSD2 regulation.

The new regulations will make it difficult for EU businesses to process card payments unless they have undergone 2-factor authentication by the card holder.

This means simply having the card details alone will no longer be an effective booking guarantee.

Which authentication methods will be available in practice will depend on the technical possibilities of the customer’s bank that issued the card.

What is “Strong Customer Authentication (SCA)”

Card payments will require a different user experience, namely 3D Secure, in order to meet SCA requirements. Authentication with two or more of these elements is required:

Something they KNOW e.g. password or security question

Something they OWN e.g. phone or hardware token

Something they ARE e.g., fingerprint or face ID

What changes with “Strong Customer Authentication (SCA)”
Transactions that don’t follow the new authentication guidelines may be declined by your customers’ banks.

Advantages and disadvantages of “Strong Customer Authentication (SCA)”

Although the additional 2-factor authentication required by SCA may cause some payers to fail to complete their payments, once the 2-factor is completed, the chances of fraud and charge backs will be lowered.

Where and when is “Strong Customer Authentication (SCA)” required

  • India introduced mandatory two-factor authentication for online payments in 2014.
  • Europe enforces Strong Customer Authentication as part of PSD2 from September 14, 2019. The rule applies for bookings from European guests for accommodations in the EU.
  • Australia will enforce stricter authentication requirements to online payments from 2020.
  • Brazil, Mexico and Singapore are planning stricter authentication requirements.

How about other regions or bookings for accommodation in the EU from guest outside the EU?

Nothing changes for businesses in other regions with bookings for accommodations in the EU from guests outside the EU.

How does Beds24 help accommodation businesses to comply to these rules?

Our connection with Stripe can be used with or without Strong Customer Authentication. If you enable Strong Customer Authentication for Stripe it activates 3DS2 authentication for direct bookings from your booking page and for payment requests which you send to guests.

Paypal and Realex will are taking care of the required functionality from their end.

Many OTAs including Booking.com and Expedia facilitate guest payments on behalf of properties (channel collect) so properties will not have to deal with SCA.

Payment requests sent via Beds24 are 3DSecure. If you require 3DS authentication you can send payment request to guests after they book via Beds24 instead of collecting a card at booking time via the OTA.

While some European countries recently announced a delay, the majority of countries will go ahead as planned. Some banks might implement SCA despite the delay so is safest to consider 14 September 2019 the launch date of SCA in Europe.

Click here for more information about payment processing with Beds24.