-
Strong Customer Authentication (SCA) is a new requirement of the second Payment Services Directive (PSD2), which aims to add extra layers of security to electronic payments within the European Economic Area (EEA) and the United Kingdom.
-
The widely adopted method of complying with the SCA’s requirements is 3D Secure 2.0. Currently, Cloudbeds supports 3D Secure for Cloudbeds Payments and the latest version of Stripe.
-
This article discusses the new regulation and how it impacts (or does not) Cloudbeds customers.
Executive Summary
- The SCA requirement for electronic payments was enacted on 14 September 2019 in Europe.
- The widely adopted method of complying with the SCA’s requirements is by using 3D Secure 2.0
- A card payment will be within the regulation if both the cardholder’s bank and the business’s payment provider are located in the European Economic Area (EEA).
- Several exemptions exist for SCA, including:
- Transactions below 30 Euros.
- Low-risk transactions as identified by the Payment Provider (Stripe, etc).
- Monthly recurring subscriptions that are for the same amount each month.
- Whitelisted businesses that the customer identifies for their account.
- Secure Corporate Payments (corporate cards, corporate payments made via virtual cards as used in the travel sector).
- A minority of card-issuing banks in the EEA may require SCA for all payments regardless of business location.
Frequently Asked Questions
1. Will the SCA apply to me?
Properties outside of the European Economic Area - No.
As stated, the SCA will only apply to businesses if both the following are true:
- The business's payment provider is in the EEA (European Economic Area).
- The cardholder's (guest's) bank is located in the EEA.
If your property is located outside of Europe, your payment gateway/provider is almost certainly not in Europe. In that case, the SCA will not apply to you.
Properties inside the European Economic Area - Yes.
For properties inside the EEA, payments made by guests using a cardholder bank located in the EEA will be subject to the SCA, as described in the Executive Summary above.
2. Which payment processors are supported by 3D Secure 2.0 in Cloudbeds?
Currently, Cloudbeds supports 3D Secure for Cloudbeds Payments and the latest version of Stripe.
3. How will OTA reservation payments work with the SCA?
In short, this answer will vary from OTA to OTA. Cloudbeds recommends that you work directly with your connected OTA's to determine how they will leverage and support 3D Secure 2.0 for guest reservation payments.
Example: Expedia
Expedia suggests using the Expedia Virtual Card (Expedia Collect) to avoid issues with SCA on reservations made through its platform.
Guidelines for Properties Affected by SCA:
1. If you are using Cloudbeds Payments or Stripe as your payment processor
Learn how 3D Secure works with each payment processor:
2. What if I am impacted by the SCA and not using Stripe or Cloudbeds Payments?
Several payment gateway connections integrated with Cloudbeds utilize a third-party system to tokenize and store payment data. That third-party system does not support 3D Secure 2.0, so payments made on those gateways will fail if the SCA impacts them.
While it is technically feasible for you to accept non-SCA payment transactions using one of these payment gateways, Cloudbeds strongly recommends switching to Cloudbeds Payments or Stripe to leverage 3D Secure 2.0 for all SCA-impacted payment transactions.
If you remain on a payment gateway not supporting 3D Secure 2.0, a significant portion of your guest payments may fail.
3. What payment gateway is available in my country and supports 3D Secure 2.0?
Currently, Cloudbeds supports 3D Secure for Cloudbeds Payments and Stripe.
Visit the following links to check if it's available in your country:
4. Payment Flow Chart
The following theoretical payment flow chart is designed to help property owners understand how payments function with SCA.
Comments
Please sign in to leave a comment.