In a nutshell
To increase security, PSD2 requires that the at least 2 of the following 3 authentication factors are applied when processing online payments:
Does PSD2 apply to all types of payments?
No. PSD2 only applies to online payments when the Issuing and Acquiring banks are both from the European Union. You need to have a European card being charged by a European bank.
An issuing bank is your customer’s bank, whilst the acquiring bank, or Merchant, is the financial institution that you (the hotel) work with.
What do I need to do in order to comply with the regulation?
If you are looking to process online payments or make pre-check-in charges, you should use an online point of sale service or payment service provider that complies with the authentication requirements outlined previously.
What is the difference between a point of sale service and payment service provider?
An online point of sale service is an electronic system used to process online credit card payments.
A payment service provider also manages online payments, whilst offering other services: payment and fraud control tools, payment reconciliation mechanisms, and integrations with other online payment mechanisms.
We recommend that you contact your bank in order to activate the most adapted online point of sale service or payment processor option for your hotel. At Roiback, we will be happy to counsel you in finding a solution adapted to your technology and operational needs.
How does PSD2 impact my hotel?
Pay-at-hotel bookings: PSD2 doesn’t apply for these types of bookings, as the transaction is not carried out online and the customer is present at the moment of payment.
However, if you need to charge late cancellation fees or no-show expenses without the client being present you will need an online point of sale service or payment service provider. In this case you will need an online point of sale service or payment service provider in order to manage online payments and be compliant with PSD2.
Non-refundable rates and online payments before your customers’ stays: PSD2 does apply in these cases, as they both require an online transaction.
As is the case with late cancellation fees or no-show expenses you will need an online point of sale service or payment service provider that complies with the authentication requirements outlined previously.
What is tokenisation?
Tokenisation is the process of protecting sensitive data by replacing it with an algorithmically generated number called a token. Often times tokenisation is used to prevent credit card fraud. In credit card tokenisation, the customer’s primary account number (PAN) is replaced with a series of randomly-generated numbers, which is called the “token.” These tokens can then been passed through the internet or the various wireless networks needed to process the payment without actual bank details being exposed. The actual bank account number is held safe in a secure token vault. This process is carried out by your online point of sale service or payment service provider.
What about reservations made by phone and email?
PSD2 doesn’t apply. Telephone and email sales (MOTO or Mail Order and Telephone Order) is one of the several exemptions of PSD2. Payments can continue to be taken in the same way, using just a card number and without double authentication. To take the payment, the credit card reader needs to be configured to transaction type MO-TO and it will need to be authorised by your bank.
Call centers sales will be exempt from PSD2. Having said that, as best practise we recommend that call centers don’t capture customer credit card data over the phone. Best practise is to send an email to the customer that links to a secure platform where to finalise the booking, in compliance with PCI DSS (Payment Card Industry Data Security Standard).
Does PSD2 apply to payments made from and in the UK?
For the time being, yes. As the UK is still under EU rules. Whether PSD2 applies in the UK when the Brexit process is complete remains to be confirmed.
How can Roiback help you manage your online payment needs?
In order to better manage your online payment needs, at Roiback we have created Epayments Manager, a solution fully integrated with online point of sale services or payment service providers that helps you manage all payments, online and offline, from one single platform.
For example, you can offer flexible rates in which your customer makes a partial or full payment prior to arrival; or making a charge for a specific percentage after booking confirmation and before arrival. In addition, Roiback has developed the integration with several Payment Gateways worldwide to make PSD2 compliance easier.
In a nutshell
- The new Payment Service Directive 2 (PSD2) will be mandatory from January 1st, 2021.
- From that date onwards, you will need to use an online point of sale service or payment service provider in order to manage online payments.
- A payment processor will also allow you to charge no-shows and cancellation penalties.
- Roiback, in addition to being integrated with the industry’s leading payment processors, can also offer to you Epayments Manager, a payment management system that will help you automate and program online payments – and is also fully compliant with PSD2.