Explained: PSD2 and Strong Customer Authentication (SCA)

PSD2 is the latest regulation for European countries, affecting hotels and how they handle their payment process. The purpose of PSD2 is to make online payments more secure, with priority on the consumer's privacy and personal data. For those who wonder if it's similar to the PCI compliance regulations, we have to say 'no'. PSD2 is an additional ruling, next to PCI. In this article, we explain to you what PSD2 exactly is, and what every hotelier should keep in mind before charging the guests' payment card.


What is PSD2?

PSD2 is a European Union regulation, affecting the whole payment industry. Everything that involves an online payment, such as hotel bookings, ask for a different way to process them. Booking sites, booking engines and property management systems (PMS) are affected too. The most prominent themes are as follows:

  1. Improve the security of payments by adding two-step authentication (SCA).
  2. The bank must allow access to the guests' payment account by third parties, but only if the guest gives permission.

PSD2 is applicable if the issuing bank (of the guest) and your bank are in the European Economic Area (EEA). The EEA includes EU countries plus Iceland, Liechtenstein and Norway.


What is Strong Customer Authentication (SCA)?

Guests must verify every online payment with two-step authentication. SCA requires guests to verify their payment by entering an extra code via an app or text message. The verification via SCA should include at least two of the below criteria:

  1. Something the guest has (such as a phone)
  2. Something the guest knows (such as a pin code)
  3. Something the guest is (such as fingerprint and face recognition)


Payment service providers (PSP) often have a different name for the two-step authentication: 3D Secure.


Who does PSD2 apply to?

It applies to every person and business in the European Economic Area (EEA) unless a company receives an EEA exemption. If your hotel is in this region, then your business is affected too. The same goes for guests from the EEA region.

But it doesn't stop there; booking sites, online booking engines and other hotel technology software need to apply the PSD2 regulation. That's why multiple booking sites have started working more extensively with virtual credit cards (VCC).


What does PSD2 mean for hotels?

For hotels, PSD2 is a way to reduce credit card fraud and diminishes the loss of money. Although this is a good development, it requires some adjustments to the hotel. The things to keep in mind with this new regulation are:

  • The SCA must be captured, no matter if it's regarding a full payment or just a deposit.
  • You're not allowed to receive credit card details via a form without SCA on your website.
  • Booking sites or payment gateways must send proof of the captured SCA to the hotel, for the hotelier to charge the guests' credit card.
  • Payments without proof that the SCA is captured have the risk of being declined.


Direct bookings

By direct bookings, we mean reservations made directly via the hotel website. The online payment should include strong customer authentication, which can be arranged via payment service providers such as Mollie.

If you're looking for a PSD2 and SCA regulated online booking engine, you can consider our Smart Booking Engine. Have a look yourself: www.smarthotel.nl/en/booking-engine


Indirect bookings

Booking sites (OTA's) are part of indirect bookings. Most OTA's have their own payment process, and they must have SCA integrated into that process too. If that's not the case, you could consider sending a payment link to the guest (e.g., Pay by Link); such businesses can take over the SCA part from you.

Source: Planetpayment.com


When does PSD2 come into force?

PSD2 came into force on September 14th 2019. For SCA the deadline has moved to December 31st 2020 (September 14th 2021 for the UK).


Does SmartHOTEL apply PSD2?

Yes, we closely follow the PCI, GDPR and PSD2 regulations. We're happy to provide you with more information on how we do this, and what it means for you.


For more in-depth information about PSD2: European Commission FAQ


SmartHOTEL Channel Manager


About SmartHOTEL 

For more than 16 years, SmartHOTEL has been helping hoteliers navigate the exciting world of online distribution. From our office based in the Netherlands and the United Kingdom, our team serves independent hotels, hostels and chains worldwide by providing channel management and tailored online distribution solutions. A lot has changed over the last years, but our goal remains the same: simply connect hotels to the world. For any questions regarding our services, please contact us at sales@smarthotel.nl or call +31 (0)182 75 11 18. 


By Chantal Mieremet | February 23, 2021

Share This Story, Choose Your Platform!


Recent Posts