How will SCA and 3D Secure 2 impact my guests?
In this article
- What are SCA and 3D Secure 2?
- How will SCA and 3D Secure 2 impact my guests?
- How will SCA and 3D Secure impact me?
What are SCA and 3D Secure 2?
On the 14th of September 2019, a new set of European standards and procedures related to online payments, called Strong Consumer Authentication (SCA), is scheduled to come into force. This is the part of Payment Services Directive 2 (PSD2) which is a new European regulation aiming to standardize and improve the security of electronic payments, including online payments.
3D Secure 2 (3DS2) is a new standard for authenticating online payments, which commonly uses additional SMS and/or email authentication for payments, on top of other security measures. It is the most common technical solution for performing Strong Consumer Authentication.
How will SCA and 3D Secure 2 impact my guests?
Which payments will be subject to 3DS2?
3DS2 selects payments which need additional authentication, based on a variety of different factors, including, but not limited to: value of the transaction, its type, who initiated the transaction, number of payments made with no authentication previously and many more. In addition, different banks and other financial institutions differ on some technical aspects of 3DS2. What is more, national financial regulators in Europe have agreed to a variety of transition periods starting on 14th September 2019, during which they will not enforce 3DS2 fully.
This unpredictable landscape makes it very hard to create a single set of rules, describing whether any given payment made by a guest will be subject to 3DS2 authentication or not. However, it is certain that the guests will be required to undergo 3DS2 authentication much more often than before, which will increase the security of the payments that they make.
How is BookingSync prepared to support 3DS2?
Despite the complicated regulatory and technical landscape, at BookingSync we have made preparations to support 3DS2 authentication within all the payment flows your guests may encounter.
As a reminder, only 2 payment gateways are currently SCA supported: Stripe and BookingPay. Other payment gateways are not compliant with SCA - if you have payment flows which use them on your account (eg. one of SCA unsupported gateways is selected as a payment method attached to your rental) you will still be able to use that payment gateway, however you will be under increased risk of the payment being automatically declined whenever authentication scenario occurs. If you still did not make a switch to one of the three SCA supported gateways mentioned above, we encourage you to consider a switch as soon as possible.
Payments made by your guests might happen to not require authentication in some circumstances, however if they do require authentication, several mechanisms were introduced to support all such cases.
For these payments which originate from the guest, such as payments coming from payment links and instant bookings, guests will be instantly redirected to 3DS2 authentication page.
For so called off-session payments, which are not initiated by the guest, they will receive an email prompting them to authenticate the payment with a link redirecting them to an authentication page.
Find here a detailed overview of different payment possibilities:
- Direct payments via BookingSync payment links
The BookingSync payment link that you can generate for each reservation drives your guests to a payment page that will redirect them directly to the 3DS2 authentication page.
- Instant bookings via BookingSync website
The BookingSync website payment page will redirect your guests directly to the 3DS2 authentication page.
Airbnb is in charge of collecting the payments of all your reservations made via their platform. No change for you or your guests, the 3DS2 is managed by Airbnb directly.
The impact will depend on the way you manage your payments with Booking.com.
- Payments by Booking.com: they are in charge of collecting the payments of all your reservations made via their platform. No change for you or your guests, the 3DS2 is managed by Booking.com directly.
- Payments via BookingSync payment links: same as Direct payments via BookingSync payment links.
- Automated payments via BookingSync: once payment is processed via the link, your guests will receive an email to authenticate the payment. They have 12 hours to authenticate the payment otherwise credit card will be reported as invalid.
There is no change in the current booking process with Vrbo/Abritel. For more information we highly recommend you to read this article on how to manage your reservation with Vrbo.
In the case of a high number of declined payments, we advise you to turn off online booking and to keep only invoice booking activated.
Please refer to the following setting modification:
- Go to your BookingSync account > Apps > HomeAway > Settings:
- Untick the box “Allow credit card payment in OLB process” and tick the box “Allow invoice payment in OLB process”
Please note: the authentication page itself will be served by the bank or other financial institution which is processing the payment. These are not issued by BookingSync.
How will SCA and 3D Secure 2 impact me?
For a detailed description of the impact of new regulations on the payments that you make please see: How will SCA and 3D Secure 2 impact my usage of BookingSync?