PSD2 is an abbreviation for the second Payment Services Directive, which is a new directive in the EU which went into effect in September 2019. These mandates are meant to:
- Make payments safer and more secure
- Protect consumers
- Build a more unified European payments market
This law requires any non-recurring online transaction over 30 EUR within the EU to have safe and reliable two-factor authentication. This applies even if one party (payer or payee) is not in the EU when the purchase takes place.
What is two-factor authentication?
Two-factor authentication is a security process that requires two types of credentials for verification to reduce security breaches. As an example, if a consumer makes an online purchase over 30 EUR, that individual must confirm the purchase with a combination of two different types of identification factors. Different types of Identification factors are:
- Possession – something in the individuals possession they have access to, such as a mobile phone or a smart chip
- Inherence – a characteristic of the person, like biometric data like fingerprints or face ID
- Knowledge – something only the person knows, such as a password, secret question, PIN, authentication key
What does it mean for my accommodation provider/s (hotel/hotel chain)?
These laws influence the process of direct website booking and your website’s booking page. It is important to clearly state how you plan to use credit card data in your terms of use (ex. Late cancellation? Payment for the cost of the hotel stay? Guarantee for possible fees/no shows? To cover additional expenses while on-premise, like minibar use? etc.). Guests are requested to accept your terms of use upon booking. Advanced payments above 30 EUR that are made through your website’s booking engine must include two-factor authentication.
It is important to note, PSD2 regulations are exclusively for online payments. If you receive credit cards from travel agents, online travel agents (OTAs) or directly from the guest over the phone or email, 2-factor authentication is not required for these transactions.
PSD2 compliance with HyperGuest
HyperGuest uses various payment processors as a payment service provider and thus offers all possibilities to accept payments in such a way that it complies with the requirements of the PSD2. If you are using a third-party booking solutions, please contact the third-party booking engine and clarify their compliance with the requirements of the PSD2.