Demystifying PSD2 for Hotels
Although it became mandatory for hotels to comply with the Payment Security Directive 2 (PSD2) in January 2021, the issue still raises some concerns for many hotels worldwide. Hoteliers are concerned about how they can be PSD2 compliant while still receiving payments from guests who reserve online without payment and then cancel outside the scope of the hotel’s policies.
Furthermore, balancing PSD2 with customer experience can be a challenge for hotels, who can’t afford to compromise on either. Customers want to feel confident their sensitive personal and financial data is protected from fraud and cyber-criminals, but at the same time, they don’t want to go through seemingly frustrating, unnecessary hurdles.
In this article, I will clarify some of your top questions about PSD2, and what your hotel can do to not only be compliant but also optimize the guest’s online payment experience.
A Quick Review of PSD2 for Hotels
Prior to PSD2, online reservations without payment could be ensured by the customer submitting their credit card details to the hotel. If the guest canceled the reservation shortly before check-in, and depending on the hotel’s cancellation policy, hotels could still deduct all or part of the reservation value using the guest’s credit card details.
Under PSD2, hotels can no longer simply ask for a client’s credit card for online transactions. Instead, hotels need to request double authentication known as Strong Customer Authentication (SCA) to authorize the transaction. To complete the transaction, double authentication requires at least two of the three factors below:
- Something the customer has: Such as a credit card or mobile phone.
- Something the customer knows: Including a bank password or a PIN sent to their mobile phone.
- Something the customer is: Biometric identification using a fingerprint or facial recognition.
At this stage, PSD2 only applies if the card issuer is European (part of one of the 28 countries in the EU) or if the acquirer (normally a bank) that processes the transaction on the merchant’s behalf is also European.
What can your Hotel do to be PSD2 Compliant and Ensure Payments are Received?
Hoteliers must ensure their payment gateway can authenticate guests’ credit cards in a secure way, using the SCA model. Below is a short checklist of important factors to consider when reviewing your payment processing systems:
- Make sure that your Booking Engine payment gateway can authenticate your guests’ credit cards in a secure way, using the two-factor authentication model. This model can include, but is not limited to, a PIN sent to the customer’s mobile phone or biometric authentication (such as facial recognition).
- If you have doubts about how to charge specific reservations, namely non-refundables, contact your banking/point of sale (POS) system to get clarification on the available options to process these types of payments.
- Check with your technology partners how they have prepared for this directive, including OTAs – pay special attention to non-refundable rates.
- If you receive virtual credit cards from OTAs, these cannot satisfy the SCA requirement. Therefore, OTA payouts may need to switch to bank transfers.
- If you haven’t done so already, you should also update your terms and conditions to make clear how much is being authenticated, and make sure that the guest has agreed to the hotel-initiated transactions for “no show” and “post departure” charges.
- Where possible, encourage guests to pay at the time of booking to ensure you are able to collect payment. This includes collecting any deposits to cover pre-payments, cancellation and no-show fees.
- To cover post-departure payments (such as damages or delayed mini bar charges), perform a pre-authorisation for the full accommodation amount plus incidentals (i.e. using chip and PIN) when the guest checks in. This way you can charge the card later in case of any walkout or incidental expenses.
According to Hotel Tech Report, guests book nearly three quarters of reservations online. Therefore, it is important that hotels have the infrastructure in place to support secure online transactions, whether completed at the time of booking, check-in, or should the guest cancel at a stage where the hotel’s policy states all or partial payment must be deducted.
Get in touch with us to find out more about how your hotel can be PSD2 compliant, but also maintain the best customer experience.