Everything you should know about PSD2

01 September 2019, Olga Gajewska

Not so long ago we had to deal with GDPR. We have not yet had time to rest after that, and on the horizon there is yet another directive that impacts hoteliers. Find out how it will affect you and what changes we are preparing in our products to ensure your compliance with the EU requirements.

What you should remember after September 14th:


  1. PSD2 is a directive that enforces increased security on online transactions (both card payments and other forms of transactions), which also includes typical booking methods. 
  2. After this date, pre-authorizations and Card on File charges may not work as usual – so you need to consider changing policies or implementing alternative ways of accepting payments. 
  3. Make sure that the online payment gateways you use are compliant with PSD2 (this applies to all the tools in which you accept payments).
  4. Find out how OTAs intend to solve the problem of charging guest cards before their arrival (a large share of such payments can be declined).
  5. Get ready for Profitroom Payments, which is right around the corner!



The mysterious abbreviations – PSD2 and SCA


PSD2 is the second version of the Payment Services Directive. The first version was adopted in 2007 and if you remember what the world of online payments looked like at that time, you can imagine how far the regulations were from today's reality. 


In the meantime, not only have the payment market and payment methods developed, but also – unfortunately – the ways in which theft of funds and fraud are carried out. Therefore, a new version of the directive was created which aims, among other things, to stop this type of fraudulent activity by enforcing greater transaction security. That is why the concept (and requirement) of SCA, i.e. Strong Customer Authentication, is introduced.


Securing the transaction is not only in the guest's interest: you, as a hotelier, should also want to ensure that the money received for bookings does not have to be returned due to fraud.


What is SCA actually for?


In a nutshell, SCA aims to ensure that the person providing credit card information (or using an online bank account) is actually the card/account owner and not a bystander or a middleman. SCA adds an extra layer of security to every transaction carried out online, in a form such as:


  • A password (and systems similar to it – something that the guest knows and which a bystander does not know)
  • A text message/push message on a user’s smartphone (and other systems based on what the guest has and what no one else has – such as a phone number)
  • A fingerprint (and other similar biometric security features unique to the individual). 


The most popular such security system, which you almost certainly know, is 3D Secure. When making a payment, you receive a one-time code confirming a given transaction (via SMS or your bank's mobile application), which you then enter online. Without that code, the transaction will not take place.


This type of security will not only become more and more common and be improved (e.g., 3DS replaced by 3DS2), but will also be enforced on transactions that have so far been carried out without the additional security. So it’s worth finding out how SCA will affect the payment for bookings.


When and where


PSD2 and SCA cover the European Economic Area, i.e. the European Union plus Iceland, Liechtenstein and Norway. This means that it applies to bank accounts and guest cards issued in those countries and only applies to transactions taking place within these countries. Both conditions must be met simultaneously, which means that guests from the US are not subject to PSD2 even if they book their stay in the EU area. In the same way, EU residents booking their stays outside the area are not subject to PSD2 or SCA.


The directive goes live on September 14, 2019.


What’s the SCA’s impact on my business? 


Direct online payment


If your Profitroom Booking Engine is connected with payment gateways, then most likely you get payments for bookings via an online channel. What happens in such a situation after September 14th? First of all, you should make sure that your online payment system providers are PSD2 compliant. You can do this by contacting them directly. Later this year, we shall have another solution for you. So stay tuned. 


If you use Card on File, please be informed that this method will no longer be available in Profitroom Booking Engine starting from mid-October. We will replace it with a payment gateway as soon as possible. 


Remember that by using systems not compatible with PSD2 you risk having your transactions rejected. Banks may not accept transactions not secured by SCA, or may cancel them with some delay, which means you are putting yourself at risk of major losses!


Cooperation with OTA


Transactions involving guest cards from OTA bookings are also subject to PSD2 and SCA. This means that you are safe only in two cases:


  1.  Bookings are settled using virtual cards (which are not subject to the requirements of SCA and PSD2)
  2.  You have an OTA payment system that is secure and compliant with PSD2 (Profitroom Payments, which is to be released internationally this year, is just such a system)


Profitroom Payments was built from the very beginning to ensure it’s compliant with multiple requirements, including PSD2. So when you’re a customer of Profitroom Payments, you won't have to worry about anything when it comes to payments from supported channels.


Remember that remote guest card charging can simply be rejected by a bank due to the lack of an earlier SCA-secured transaction! This means that without a proper system, you don’t have any way to securely collect the fee beforehand, and you rely entirely on the goodwill of the guests and count on them to appear at your facility.


Pre-authorization – what’s going to happen to it? 


Pre-authorization, just like any other charge made without the physical presence of the guest, takes place without the card holder’s knowledge. Therefore, it is not properly secured (3DS) and thus does not comply with SCA requirements. This doesn’t mean that pre-authorization will cease to operate on September 14. However, it will most likely be rejected much more often than it is now, and thus cease to fulfil its role of securing your bookings.

At Profitroom, we are working on a solution to replace pre-authorizations so keep an eye on our announcements. 


Remember that you can still use pre-authorization. It will also be available in the Profitroom Booking Engine. However, treat it as a supplement and not as the only security for your booking. 


Card on File approach


In this category, we have fees for no-show, for cancellation, as well as for any damage. In such cases, the ideal solution would be to charge the entire value of the stay at the time of booking, but you probably don't want such a solution with every offer. However, keep in mind that – at least temporarily – you should protect yourself against no-shows and cancellations by means other than collecting guests’ card details and trying to charge the guest without them being present. You can do this by charging a certain percentage of the booking value, which is possible in Profitroom Booking Engine when payment gateways are connected to it.


It is also worth pre-authorizing a guest’s card upon arrival (via your terminal). If the card is previously authorized by the guest, it is more likely that the bank will accept the subsequent transaction for damages, without the guest’s presence.


What we’re planning in Profitroom


Our primary goal is to increase hoteliers’ profits. So making sure that payments for bookings are made in the required amount, on time, and that you don’t have to deal with returns and unpaid no-shows – all that is our priority. That is why we are planning some changes in our systems that will help you deal with the requirements of PSD2, and why we are working on offering you international payment gateways with a smooth Profitroom Booking Engine integration process.


Remember that you can still use other systems or try to charge the guest card; however, you have to take into account the losses caused by this approach!


If you have so far used only pre-authorization or you charged the guests without their physical presence, online payments will give you the opportunity to have more flexibility in using payment policies, while allowing you to sleep peacefully in the event of a no-show (if you use prepayments). Payment automation together with emails about a failed transaction will significantly increase the chances of receiving funds.


Further work


As usual, we will not rest after that. We will then try to improve Profitroom Payments itself. We have some ideas on how to replace pre-authorization so that you can have even more freedom in how you charge your guests. We are also planning several other improvements.

We appreciate your feedback, so if you have suggestions on what we should implement in Profitroom Payments, please let us know!


Summary


What you should remember after September 14th:


  1. PSD2 is a directive that enforces increased security on online transactions (both card payments and other forms of transactions), which also includes typical booking methods. 
  2. After this date, pre-authorizations and Card on File charges may not work as usual – so you need to consider changing policies or implementing alternative ways of accepting payments. 
  3. Make sure that the online payment gateways you use are compliant with PSD2 (this applies to all the tools in which you accept payments). Starting very soon, we will have an international gateway to offer.
  4. Find out how OTAs intend to solve the problem of charging guest cards before their arrival (a large share of such payments can be declined).