PSD2 is the latest regulation for European countries, affecting hotels and how they handle their payment process. The purpose of PSD2 is to make online payments more secure, with priority on the consumer's privacy and personal data. For those who wonder if it's similar to the PCI compliance regulations, we have to say 'no'. PSD2 is an additional ruling that applies alongside PCI. In this article, we explain what exactly PSD2 is, and what every hotelier should keep in mind before charging a guest's payment card.
PSD2 is a European Union regulation affecting the whole payment industry. Everything that involves an online payment, such as a hotel booking, now has to be processed in a different way. Booking sites, booking engines and property management systems (PMS) are affected too. The most prominent themes are as follows:
PSD2 is applicable if the issuing bank (of the guest) and your bank are in the European Economic Area (EEA). The EEA includes EU countries plus Iceland, Liechtenstein and Norway.
Guests must verify every online payment with two-step authentication. Strong customer authentication (SCA) requires guests to verify their payment by entering an extra code via an app or text message. The verification via SCA should include at least two of the criteria below:
Payment service providers (PSP) often have a different name for the two-step authentication: 3D Secure.
It applies to every person and business in the European Economic Area (EEA) unless a company receives an EEA exemption. If your hotel is in this region, then your business is affected too. The same goes for guests from the EEA region.
But it doesn't stop there; booking sites, online booking engines and other hotel technology software need to apply the PSD2 regulation. That's why multiple booking sites have started working more extensively with virtual credit cards (VCC).
For hotels, PSD2 is a way to reduce credit card fraud and diminish the loss of money. Although this is a good development, it requires some adjustments from the hotel. The things to keep in mind with this new regulation are:
By direct bookings, we mean reservations made directly via the hotel website. The online payment should include strong customer authentication, which can be arranged via payment service providers such as Mollie.
If you're looking for a PSD2 and SCA regulated online booking engine, you can consider our Smart Booking Engine. Have a look yourself: www.smarthotel.nl/en/booking-engine
Booking sites (OTAs) are part of indirect bookings. Most OTAs have their own payment process, and they must have SCA integrated into that process too. If that's not the case, you could consider sending a payment link to the guest (e.g., Pay by Link); such businesses can take over the SCA part from you.
Source: Planetpayment.com
PSD2 came into force on September 14th 2019. For SCA the deadline has moved to December 31st 2020 (September 14th 2021 for the UK).
Yes, we closely follow the PCI, GDPR and PSD2 regulations. We're happy to provide you with more information on how we do this, and what it means for you.
For more in-depth information about PSD2: European Commission FAQ
About SmartHOTEL
For more than 16 years, SmartHOTEL has been helping hoteliers navigate the exciting world of online distribution. From our office based in the Netherlands and the United Kingdom, our team serves independent hotels, hostels and chains worldwide by providing channel management and tailored online distribution solutions. A lot has changed over the last years, but our goal remains the same: simply connect hotels to the world. For any questions regarding our services, please contact us at sales@smarthotel.nl or call +31 (0)182 75 11 18.