Following last year’s GDPR regulation, another major EU law was about to unsettle the hospitality industry from September 2019. But after a last-minute delay announced by the European Banking Authority, the new Strong Customer Authentication (SCA) requirements will only be enforced from 31 December 2020.
Let us help you make sense of the key changes and their effects.
1. What Does PSD2 Stand For?
The revised Payment Services Directive (PSD2) is a wide-ranging decree regulating the European payments market. While it deals with various security issues, it is most commonly known for its customer protection component.
The PSD2 demands strict security requirements from payment service providers ensuring strong customer authentication to process electronic payments.
2. What Is Strong Customer Authentication?
Strong customer authentication is a requirement by the European Union directing card issuers to ask customers for two separate types of authentication to approve electronic payments.
3. Why Is There A Need For This New Regulation?
Credit card fraud is a growing concern worldwide. The EU aims to make online payments safer and offer better protection to customers by imposing stricter regulations on card issuers and online merchants.
4. How Will The New Rule Make Online Transactions More Secure?
Customers will be asked for two different ways to validate their online translations and to prove that they are the genuine credit cardholder. According to the EU law, strong customer authentication has to be based on at least two of these elements:
Knowledge: something only the user knows such as a password or a PIN code
Possession: something only the user possesses such as the credit card or a code generating device
Inherence: something the user is such as the use of touch ID or voice recognition
5. When And Where Does The Regulation Come Into Effect?
Companies that are either located in or do business with people based in the European Union (EU) and the European Economic Area (EEA) must comply with this requirement by the 31 December 2020.
Most regulators are expected to follow this schedule, but there might be exceptions. The regulators in the UK, France and Denmark have announced a longer, 18-month introductory phase to give banks and businesses time to prepare for the changes.
6. What Can I Do To Get My Hotel PSD2 Ready?
The best way to ensure compliance with SCA is to start a discussion with your online merchant well-ahead of the 2020 deadline. Ask them about 3D Secure protocols, also known as payer authentication. 3D Secure is an added security layer that is designed to prevent online credit card fraud.
You may hear the term, 3DS2 which stands for 3D Secure 2. It refers to a more seamless authentication process that provides a better user experience compared to 3D.
7. How Will The Online Booking Process Change For My Guests After The Deadline?
In some cases, there might be an extra step added to the reservation process. Guests can be prompted by their bank to complete an online ‘challenge’ such as presenting a one-time passcode, answering a security question or providing a fingerprint scan.
But this will only affect the minority of customers, even after SCA implementation.
8. What Should I Say To Guests About PSD2?
Explain to guests that these safeguards have been put into place to protect their payment details. Encourage your customers to contact their bank to confirm their password or to provide their mobile number for text message authentication.
9. How Will This Affect My Hotel’s Online Conversion?
This will be the ultimate question on every hotelier’s lip. There is no definite answer. As with every update, there might be a transitional period full of uncertainty. Your website conversion rate may fall for a time as frustrated and confused guests abandon the booking process.
For the long term, improved online shopping security should help your hotel build consumer trust, nourish brand loyalty and improve user experience.