Strong Customer Authentication (SCA) and 3D Secure 2.0: Everything you need to know

Follow

Strong Customer Authentication (SCA) is a new requirement of the second Payment Services Directive (PSD2), which aims to add extra layers of security to electronic payments within European Economic Area (EEA) and the United Kingdom.

The widely adopted method of complying with the SCA’s requirements is by using 3D Secure 2.0. Currently, Cloudbeds supports 3D Secure for Cloudbeds Payments and the latest version of Stripe.

This article discusses everything about the new regulation and how it impacts (or does not impact) Cloudbeds customers.

Executive Summary

  • The SCA requirement came into force on 14 September 2019 in Europe for electronic payments.
  • The widely adopted method of complying with the SCA’s requirements is by using 3D Secure 2.0
  • A card payment will be in scope of the regulation if BOTH the cardholder’s bank and the business’s payment provider are located in the European Economic Area (EEA).
  • Several exemptions exist for SCA, including:
    • Transactions below 30 Euros.
    • Low-Risk transactions as identified by the Payment Provider (Stripe, etc).
    • Monthly recurring subscriptions that are for the same amount each month.
    • Whitelisted businesses that the customer identifies for their account.
    • Secure Corporate Payments (corporate cards, corporate payments made via virtual cards as used in the travel sector).
  • A minority of card issuing banks in the EEA may require SCA for all payments regardless of business location.

Frequently Asked Questions

Will the SCA apply to me?

Properties outside of the European Economic Area

In short, No.

Simply stated, the SCA will only apply to businesses if both the following are true:

  1. The business's payment provider is located in the EEA (European Economic Area).
  2. The cardholder's (guest's) bank is located in the EEA

If your property is located outside of Europe, then almost certainly your payment gateway/provider is not located in Europe either. In that case, the SCA will not apply to you.  

Properties inside the European Economic Area

In short, Yes.

For properties inside the EEA, payments made by guests using a cardholder bank that is also located in the EEA will be subject to the SCA as described in the Executive Summary above.

When will the SCA be fully implemented in the UK?

As of 14 March 2020, firms should already be complying with requirements for SCA with respect to online and mobile banking.

The UK regulator previously agreed to give firms extra time to implement SCA in response to concerns about industry readiness, and to limit the impact on consumers and merchants. They have decided to extend the deadline by 6 months to 14 March 2022.

Which Payment Processors are supported for 3D Secure 2.0 in Cloudbeds?

Currently, Cloudbeds supports 3D Secure for Cloudbeds Payments and the latest version of Stripe.

How will OTA reservation payments work with the SCA?

In short, this answer will vary from OTA to OTA.  Cloudbeds recommends that you engage directly with your connected OTA's to determine how they will leverage and support 3D Secure 2.0 for guest reservation payments.

Example: Expedia

In Expedia's case, they recommend that properties leverage the use of Expedia Virtual Card (Expedia Collect) to eliminate the impact of SCA on reservations received through Expedia:

Guidelines for Properties that are impacted by the SCA

What if I am impacted by the SCA and not using Stripe or Cloudbeds Payments?

Several payment gateway connections integrated with Cloudbeds integrated utilize a third-party system to tokenize and store payment data. That third-party system does not support 3D Secure 2.0, so payments made on those gateways will fail if they are impacted by the SCA.

While it is technically feasible for you to accept non-SCA payment transactions using one of these payment gateways, Cloudbeds strongly recommends that you switch to Cloudbeds Payments or Stripe so that you can leverage 3D Secure 2.0 for all SCA-impacted payment transactions.  

If you remain on a payment gateway that does not support 3D Secure 2.0, a significant portion of your guest payments may fail.

What payment gateway is available in my country and supports 3D Secure 2.0?

Currently, Cloudbeds supports 3D Secure for Cloudbeds Payments and Stripe.

Visit the following links to check if it's available in your country:

Payment Flow Chart

The following theoretical payment flow chart is designed to help property owners understand how payments function with SCA.

Guest Payment Scenarios

Legend

For more detailed information, please visit:

Useful Resources pertaining to the SCA:

Powered by Zendesk