SCA is an element of the new PSD2 legislation that is being introduced across the European Economic Area. The legislation was supposed to come into effect on 14 September 2019. However, a new deadline of 1 January 2021 has been introduced to enable a smoother transition period for online businesses complying with these SCA measures.
Exceptions from these dates are France and the UK. Deadline for France is 14 March 2021, and for the United Kingdom it is 14 September 2021.
The SCA requires all online businesses to implement more thorough payment authentication measures if both the cardholder and the business’ bank are located in the EEA. This is to ensure that a guest paying at one of your properties is the right card owner.
Under SCA, cardholders must be authenticated using at least two of the three following methods:
- Something the customer knows (e.g. a passport or PIN),
- Something the customer has (e.g. a phone or hardware token),
- Or something the customer is (e.g. using face or fingerprint recognition)
How a customer chooses to pay for their reservation and which payment solution a partner has implemented determines the SCA requirements that apply.
How are we supporting properties?
We can only support properties with SCA if they’re using one of our payment solutions, where we partially or fully facilitate payments. These are the Virtual Credit Card model and Bank Transfer model. These payment solutions allow us to support properties to ensure they face minimal operational impact due to SCA. Many properties already use these payment solutions, but we’re working on expanding the eligibility criteria so that even more properties in the EEA can use them. We’ll also be making more improvements to our payment solutions in the near future.
What does it mean for me, as a Connectivity Partner?
Because the majority of properties in the EEA are already eligible for at least one of our payment solutions – which enable us to offer SCA support – we aren’t planning any updates to the Reservations API or changes to our Connectivity solutions.
This means there will be no development required from your side at this point of time. We do ask you to encourage your properties to join one of our payment solutions.
Why was this decision made?
We believe that authorisation should remain a part of the payment process. Dividing the responsibility for a single payment creates confusion and an unclear experience for guests, properties and Connectivity partners.
Sharing crypto tokens is not a travel industry standard yet. Additionally, if we were to collect crypto tokens for every reservation, this would also limit our ability to identify exceptions to the regulations. This would make it difficult to maximise reservations for properties.
Splitting the transaction makes things less transparent for bookers. We want guests to know how much they’ll be charged and for what at all times. If we split the process, this becomes less transparent and impacts bookers’ overall experience.
What happens to properties on the Virtual Credit Card (VCC) payout model? (also called, the Online Payments)
If a property is already on Online Payments, where some of the payments are facilitated by Booking.com, this is how we can support:
- If a guest chooses to pay online, we’ll take care of authenticating their payment transaction on behalf of your properties.
- If a guest chooses to pay the property directly and their card is charged in-person at check-in or check-out, SCA shouldn’t apply and they can continue to do this the same way.
- If a guest chooses to pay the property directly and their card is charged remotely (e.g. for pre-payments, deposits, or no-show fees), SCA may apply. While we don’t process these payments, we offer support at the time of reservation by assessing whether a guest’s payment may be subject to SCA:
- If we believe that SCA may apply, we’ll ask the guest to pay through our Online Payments service.
- If we believe that the payment isn’t subject to SCA, the guest can continue to either pay online or directly at the property.
- Properties may still face declines when trying to charge customer cards remotely because card-issuing banks might change how and when they roll out SCA. In these cases, properties can still use the invalid credit card process.
What happens to properties on the Bank Transfer payout model? (also called Payments by Booking)
Properties that are on Payments by Booking already have all their payments facilitated by us. In this case, we’ll authenticate all transactions on their behalf and they won’t need to take any action.
What happens to properties that don’t use any of out payments solutions
We can’t offer support to properties that aren’t using one of our payment solutions. But if a property is eligible, we’ll recommend them to opt in to one of our solutions so that we can support them in meeting SCA requirements and minimise the impact on their operations.
If a property chooses not to sign up, and they charge the customer’s card in-person at check-in or check-out, SCA shouldn’t apply and they can continue to do this the same way. However, if the property charges their card remotely (e.g. for pre-payments, deposits, or no-show fees), SCA may apply. In these cases, properties will need to manage their payments and SCA authentication themselves for all relevant transactions. We suggest these properties contact their Payment Service Provider, who will be able to advise them on meeting these SCA requirements with the least impact to both the properties and guests.
How can I find out which properties are eligible for Booking.com payments solutions?
In comparison to last year, we made extensive changes to our eligibility criteria in order to help properties deal with the upcoming SCA requirements in an easier way. You will find that a big majority of our properties are eligible for at least one of our payment solutions.
There are however some exceptions for properties which do not deal with credit cards at all (e.g. cash only properties).