By Isis Darios | Published in September, 2019
The new Strong Customer Authentication (SCA) regulation will affect most of the Travel industry in many ways, both directly and indirectly.
Don’t worry though, that’s a good thing! This regulation aims to make the way we handle our money more transparent and more secure. At the end of the day, this is a positive change for your business and your guests.
Even with this long-term positive impact, hotels, hostels and hosts all over the EEA are feeling the pressure to meet what seems like an impossible deadline to be completely SCA compliant. However, if you’re one of Cloudbeds’ Stripe users, we’ve got good news — all your payments requested through Cloudbeds will be 100% SCA compliant.
Why do we need Strong Customer Authentication?
As the online economy grows, regulators are attempting to make online payments safer. In the European Economic area, the Second Payment Services Directive, or PSD2, aims to make online payments safer. This regulation is being put in place due to new requirements for authenticating payments online.
Beginning September 14, 2019, PSD2 regulation will require Strong Customer Authentication (SCA) for many online payments made by European customers, to help reduce fraud.
Strong Customer Authentication simply means that businesses will have to verify customer’s online purchase transactions using 2-factor authentication.
With Cloudbeds’ latest product release, we fully support Strong Customer Authentication for processing payments via the Stripe Payment Gateway for reservations received via the Cloudbeds booking engine and PMS. This includes all reservation sources through our new folio and checkout enhancements that support 3D Secure 2.0.
By enhancing our direct integration with Stripe, properties are now capable of accepting guest payments in full compliance with the new SCA regulation. To learn more about this exciting development, please refer to our KnowledgeBase Article – Strong Customer Authentication (SCA) and 3D Secure 2.0: Everything you need to know.
How does SCA affect you as a property owner/manager?
This regulation affects how you receive payments from guests before their stay and after their stay. The impact of SCA on your business can vary depending on the type of purchase, whether you charge a customer during or after checkout, and even which bank your customer uses. Cloudbeds is working with Stripe, which has designed SCA-ready payment APIs and products to help you manage this new regulation and minimize the impact of SCA on your checkout conversion.
Are there any extra steps I can take to make sure I get my payments?
The biggest difficulty hotels face will be processing payments using cards that haven’t been authenticated at the time of purchase/booking. To help solve this challenge, the Cloudbeds system can be configured to contact your guests to request authorization on your behalf.
SCA may call for hotels to rethink their policies on when to charge guests.
Here are a few tips:
Pre Check-in Payments – Request either complete or partial payment at the time a guest makes a reservation
- Make sure your payment gateway can authenticate a guest’s card while making their payment. Cloudbeds fully allows for this process via our Stripe partnership.
Deferred Payments – Cancelations and no-show fees.
- Transactions initiated by the merchant are known as MIT (Merchant Initiated Transactions) and these deferred payments usually use previously-saved card data. In order for this card transaction to work, SCA must be performed at the time of recording the card details (even if a payment is not taken at that time).
- If cards on file are not pre-authorized, you may be unable to process a payment at a later date.
- To avoid this problem, attempt to authorize and/or charge guest cards while the guest is present. This can be done by requesting a deposit to cover situations such as cancelations and no-show fees.
Check-Out – Collect all pending payments at the time of check out
- Using a physical card and PIN is the easiest way to settle all pending payments at the end of a trip.
Post Check-Out – Collecting Payments once the guest has left.
- These payments run the highest risk of inability to process.
- We recommend asking guests to pre-authorize payment at check-in for the full amount of their stay, plus any extra expenses, allowing you to charge their card at a later date.
If you’re already familiar with the SCA you can skip the next few sections, but if you’re in the EEA and are looking to familiarize yourself with the SCA, then these next few sections are for you.
Who does the PSD2 regulation affect?
Beginning September 14, 2019, PSD2 regulation will require Strong Customer Authentication (SCA) for many online payments made by European customers, to help reduce fraud. PSD2’s main goal as it pertains to the Hospitality industry is to protect your guests and their payments. With the introduction of this new standard, guest credit card security is maximized, credit card fraud is minimized, and more transactions are successfully processed.
This regulation presents a great change to Payment Service Providers, like banks and anyone accepting payments online. Many players in the hospitality industry will also be affected, such as Online Travel Agencies (OTAs) and properties all over the EEA that accept online payments using a Booking engine.
What is SCA?
SCA requires a strict process to validate online payments. This process is required when your guest’s card and your bank are both from the EEA.
Guests will now need at least two out of three possible authentication factors to authorize a payment:
- Something only the guest knows, like a PIN, code, or password
- Something only the guest possesses, such as a physical payment card or mobile phone
- Something the guest is (biometric information), such as a face ID, a fingerprint, or an iris scan
What is 3D Secure?
3D Secure ensures your payment request are not denied. It is simply a set of rules that provides extra protection for both businesses and consumers in the world of online payments. A 3D secure transaction will redirect customers to their bank’s website for payment authorization.