The new PSD2 Directive on Online Transactions and how this will affect hotel bookings.
From 14 September the new Regulation of the European Union, which specifies specific provisions of Directive (EU) 2015/2366 "on payment services", namely online transactions, applies.
What is psd2?
Following the implementation of the PSD2 Directive, all consumers are required to use two-factor authentication for credit card payments in order to prove their identity. This means that consumers, in addition to card details (number, name, expiration date and CVC) will have to provide both of the following:
- Something they know (password or PIN)
- Some item that belongs to them (e.g., credit card)
- Some personal data (biometric data, e.g. fingerprint)
It applies to all online transactions, regardless of product or service.
The Directive begins on 14 September 2019, and banks have been given a period of adjustment.
For the Directive to apply, both of the following criteria must be met:
- The company is active within the European Economic Area (i.e. the bank that cooperates with the hotel to be within (EEA), and
- The customer's credit card bank to operate within the EEA
For example, if a Greek with a credit card from a Greek bank implements a hotel reservation in France the PSD2 directive will apply. If a traveller from the United States (apparently by credit card from a US bank) makes a hotel reservation in Greece, the PSD2 directive will not apply.
The purpose of the implementation of the Directive is to:
- safer online transactions and fraud avoidance;
- reduction of transaction disputes, and
- increasing the use of online payment systems, since it reduces overall service costs (e.g. cost of credit machines, support, networks, etc.)
How does it affect online transactions of hotels and accommodation?
Each hotel can be booked online, either directly or via OTA (such as Booking.com, Expedia.com, etc.). The most common cases we encounter are:
- Prepaid Bookings via OTA or online billing system
For online bookings subject to an online payment model (if this is enabled by the hotel), companies such as Booking.com Payments By Booking and Expedia.com (Expedia Collect) have already adapted to the directive. In other words, when the customer chooses this payment method, they will need to make the identification.
Hotels in this case will normally receive the virtual card, and the process remains as it is.
The same applies to cases where the hotel's website has a direct debit system where here the hotel has to arrange, in cooperation with the bank or the external partner, for the necessary changes to the online system of his reservations.
- Payment reservations at the hotel
It concerns all online selling channels, either directly or via OTA, for which the customer pays at the hotel.
In case the reservation is without prepayment or advance payment, the customer will fill in his card details as a "guarantee", which will be sent by the same procedure to the hotel. Due to the fact that these bookings do not make an online payment, the PSD2 directive will not apply, so the customer will not make additional identification.
- Non-refundable reservations or prepayment/cancellation fee
This case is the most special. Until now, most hotels manually charged the customer's card prior to arrival (and upon arrival the customer asked for the signature), hoping that in case of cancellation the appearance would not be contested.
It remains to be confirmed by the banks whether this possibility will remain an option after the implementation of the directive.
What are the options for hotels?
OTAs have already implemented the application for payment supresces (Payments by Booking, Expedia Collect, etc.). Therefore, these transactions remain secure and the only change will be for the customer's procedure.
For bookings with a flexible policy, payments will normally be implemented at the hotel in the presence of the customer.
The only "problematic" case is when the hotel wants to charge, without the presence of the customer (non-refundable reservation, reservation with deposit, cancellation fee).
Since it is not clear for the time being whether the card will be able to charge manually, it is recommended to contact the bank.
Besides, the options (each with its advantages and disadvantages) available to hoteliers are:
- Application of an online payment system that complies with the PSD2 directive for bookings through the hotel's website from an external provider. This option ensures transactions, but extra costs (subscription or commission) are mediated and a reservation as to whether the conversion of the booking engine is positively or negatively affected.
- Activate the payment model via OTA (Payments by Booking, Expedia Collect), which secures part of the transactions (bookings that the customer will choose to pay with this payment model). Although extra costs (virtual credit card commission) are required in some cases, it has the added advantage of providing alternative payment methods to the customer.
- Enable the ability to collect cancellations in OTA (valid only for Expedia, where available, Expedia Traveler Preference), where the TAB undertakes to charge the card in 2nd year, and then sends a virtual card to the hotel. Although provided only by Expedia, it seems like an attractive option with no obvious drawbacks. Expedia does not guarantee the collection of cancellations, since the customer may refuse to make psd2 identification.
Factors to consider hotels.
There is clearly no question of non-compliance with the Directive. Before hotels implement any of the present or future solutions, they must consider a number of factors, such as:
- Whether the solution is for the benefit of the hotel and the hotel
- The direct or median costs of each solution
- The influence of the conversion of each selling channel (mainly for direct bookings)
- Maintain a common policy on online channels so as not to "burden" a selling channel (especially direct online bookings)
The new PSD2 directive was clearly introduced for the benefit of consumers by ensuring transactions, which in the long term is also expected to help businesses (potentially lower costs, fewer disputes, etc.).
In the short term it will certainly affect both the transactions and the day-to-day operation of hotels, and especially until the banks, OTAs and customers are fully adapted to the new directive.
At this stage there are the options and tools mentioned, and they are clearly solutions for several companies (at least in the medium term). This does not necessarily mean that hoteliers have to hurry up and adopt any of these solutions, since in the next period the market will be adjusted. In particular, when it is not yet known whether the option of manual transaction by credit card devices will remain (legal and secure).
In any case, hoteliers have to monitor developments and how the market will be adjusted in order to choose the solution that is most advantageous to their business, without removing a customer and/or damaging the sales strategy.