3D Secure User Guide - Everything you need to know

Follow

Starting September 14, 2019, new European regulatory requirements called Strong Customer Authentication (SCA) will introduce requirements for 2-factor authentication on many payments in the European Economic Area (EEA).

The EEA is comprised of: Austria, Belgium, Bulgaria, Croatia, Republic of Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, United Kingdom, Iceland, Liechtenstein, and Norway.

Currently, Cloudbeds only supports 3D Secure feature through our latest version of Stripe. Check out this article to update your Stripe connection if needed.

Please check the details of each part of the system which requires 3D Secure

Cards processed on mybookings booking engine

1. When your guest fill out the billing details with a card that requires 3D Secure, extra authentication steps will be required

2. The guest needs to confirm the payment - Depending on the institution (bank), different kind of authentication could be requested (fingerprint, passwords, SMS Code, etc) to confirm the payment

  • As these are actions performed by a third-party, Cloudbeds can not control it.
  • In case your guests have any issues during these steps above, they need to contact the bank to get more details on why it happened
  • If the authentication is successful, the reservation will be created
  • If it is denied/failed, the reservation will be created with the Canceled Status
Cards added manually to myfrontdesk reservations or received from OTAs

Step 1- When there is a request for the card to be stored, authorized or charged for the first time and there's a 3D Secure verification, the system will trigger an email to the main guest.

Cloudbeds will send out 3 different emails based on the use case:

  • Authentication request email → when myfrontdesk is storing the card
  • Authorization request email → when myfrontdesk is authorizing the card
  • Payment request email → when myfrontdesk is charging the card

Notes About Automatic Emails:

  • Please note that it's not possible to send emails to other guests on reservations except the main guest
  • Emails can not be edited like a custom template
  • Emails are automatically triggered and it's not possible to choose which email is sent - This is decided by myfrontdesk and Payment Gateway logic
  • Both property and the guest receive a confirmation of authentication, authorization or payment when they approve or decline. 
  • Payment and Authorization request emails contain information about the reservation amount. Authentication email (when card is being stored) does not contain any information about the reservation amount

Step 2- When the credit card is stored, the main guest will receive an email to approve/decline the transaction

Step 3 - If the guest clicks to "Approve", they will be redirected to their bank’s page to perform authentication (e.g. password, fingerprint, token, SMS Code, etc.)

Step 4- If the authentication was approved, the guest will be redirected to a thank you page

  • The guest may approve or decline the request. Both guest and the property staff will receive an email confirmation notifying them about it.
  • After the guest has approved the first request, consequent transactions for most cards won’t require 3D Secure authentication
  • Some cards will need to be authenticated for every transaction (this is decided by the card’s bank). In this case, Cloudbeds sends an email for each transaction.

If the guest declines, they will be redirected to a page that tells them to contact the property.

The users can at any point resend the emails from the Email Messages tab on the reservation's page (1) or from Email Delivery Log tab (2).

Step 4 - When a payment request is sent to the guest a "Payment Pending" is added to the reservation folio.

If the reservation is canceled or no show, then the "Payment Pending" will be removed and the link to it in the email will expire. 

Please note:

  • Pending payments can't be automatically allocated even if the Payment Allocation box is checked. In this case, the payment need to be allocated after the payment is posted (authenticated by the guest) on the guest's folio.

Please refer to this article to learn how to Allocate the Payment: Allocation of already posted transactions on the folio

When the property or the guest cancels the request and the guest tries to click on the link again, they can not approve/deny the request anymore and the following error will be displayed:

If you add a new payment using the credit card which already has a pending guest authentication, the following warning message will be displayed

It's recommended to wait until guest authenticates or cancel the pending payment in the folio before adding additional payments.

Cards recieved in OTA reservations (scheduled payments)

Important: Virtual cards are not required to be authenticated by 3D Secure. 

As soon as the card has been received from myallocator (channel manager by Cloudbeds)/OTA, Cloudbeds will send an email to the main guest. Which email is sent out depends on the setting in Payment options page as shown below:

  • Do nothing → Authentication request email will be sent
  • Process immediately → Payment request email will be sent
  • Postpone processing → Authentication request email will be sent
  • Authorize immediately → Authorization request email will be sent
  • Postpone authorization → Authentication request email will be sent

Learn more about Scheduled Payments here: Payment Processing Setup

Cards added to House Accounts

Step 1- The cards that need to be authenticated by 3D secure will trigger a modal where the user should enter an email address.

Step 2 - The user will see a modal when email is sent to the guest for authentication, authorization, and payment

Step 3 - "Payment Pending" approval will be added to the house account and posted after the guest's approval.

Please Note:

  • From Email Delivery Log tab, the user should be able to resend the House Account emails and also check if the email was sent to the correct address.
  • Emails triggered in House Account don’t contain any item or reservation information. Check an example below:
Cards added to Groups

Groups feature always requests the card holder’s email like house accounts. The cards that need to be authenticated by 3D secure will trigger a modal where the user should enter an email address.

Please Note:

  • From Email Delivery Log tab, the user should be able to resend the Groups emails and also check if the email was sent to the correct address
  • Emails triggered in Groups feature don’t contain any item or reservation information. Please check below an email example:
Frequently Asked Questions
Which properties will be affected by 3D Secure CSA Regulation?

The European Economic Area (EEA) is comprised of: Austria, Belgium, Bulgaria, Croatia, Republic of Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, United Kingdom, Iceland, Liechtenstein, and Norway.

Which Payment Gateway supports 3D Secure?

Currently, Cloudbeds only supports 3D Secure feature through our latest version of Stripe. If you do not have the latest version of Stripe, please visit this article for further information: Updating your Stripe Connection

Is it possible to send emails to other guests on reservations added manually to myfrontdesk or received via OTAs?

Currently, it's not possible - only the main guest will receive the email, but our development team is planning to add this option in future releases.

Is it possible to resend emails from Folio tab?

No. In order to resend emails, you should use Email Messages tab from reservation's page or the Email Delivery log tab to resend emails.

Please check further info about these options in the section "Cards added manually to myfrontdesk reservations or received" of this article.

How to cancel Pending Payment?

For any reason, property may wish to cancel a pending payment. The system allows the user to cancel in two ways:

  1. Under guest's folio
  2. Under Credit Card tab
How can I track my Pending Payments?

To check if you have Pending Payments that are waiting for 3D Secure authentication, you can use the following reports:

Payment Processing Report

  1. Navigate to Reports  -> Payment Processing Report
  2. When opening up the report you can filter by Pending Status

The system will show you the list of Pending Payments

Payment Ledger Report

  1. Navigate to Reports  -> Financial Reports -> Payment Ledger
  2. When opening up the report you can filter by Pending Transactions
  3. Or, you can simply sort by Description by clicking on the column name
What happens if the guest puts the wrong information into the banks authentication page by accident? Is it possible to go back to the reservation and restart the payment?

In such case, the payment will need to be restarted. The following steps need to be taken:

  1. The guest needs to contact the property directly
  2. The property needs to cancel the pending payment (using the options described on 'How to cancel Pending Payment? under the FAQ section of this article)
  3. The property needs to add the payment manually again to resend the email to the guest
What happens to authorizations when the reservation is cancelled? Does the system release funds?

No, the system does not release funds. The property can still capture that depending on the cancellation settings.

What happens if the property tries to charge a cancellation fee and the amount is different to the authorized amount?

The myfrontdesk user will be able to charge the amount even if is different to the authorized amount.

How to ensure that the property receives the cancelation fee if the guest denies the authentication and the property has a non-refundable or cancellation / no-show policies?

If the guest denies the payment authorization for Cancellation, No/Show or Non-refundable booking means that the property will not be able to process the charge.

Currently, myfrontdesk not automating cancellation/no-show policies yet and the cancellation/ no show fees, so it's hard to charge if the guest denies the authentication. Here we have a few recommendations to minimize this scenario:

  • In mybookings terms & conditions input 3D CSA information stating that guest is fully responsible for authorizing such charges and failure
  • Contact your OTAs to check if you can use Virtual Cards as payment options since virtual cards are not required to be authenticated by 3D Secure
  • Pre-stay Deposits: we recommend you to collect deposit before the actual check-in date. This means you will collect the balance in full at the time of booking. You can set/change your Policies settings here
How to proceed if I sent the email from House Account / Group Folio to a wrong address?

On House Accounts and Groups pages, the cards that need to be authenticated by 3D secure will trigger a modal where the myfrontdesk user should enter the guest's email address.

To check if you sent the email to the correct address, please access the Email Delivery Log tab to double-check

If you realized that you sent to a wrong email address, please proceed with the following steps

Click to Open the corresponding House Account / Group Account

  1. On the House Account / Group Folio, you will see the Pending Payment - Click to Cancel
  2. In order to send a new email, go ahead and add the payment again
  3. Enter the correct email address
3D Secure Stripe Settings

Stripe account allows an optional 3D Secure settings for properties not based in the European Economic Area (EEA). Check further info on this knowledge base article: 3D Secure Settings

3D Secure and OTAs

Expedia

For further info on how Expedia handles the 3D Secure Regulations, please check further information on our Expedia Connection Guide

Have more questions? Contact Support

Comments

Powered by Zendesk