3D Secure - Overview & FAQ

Follow

On September 14, 2019, new requirements known as Strong Customer Authentication (SCA) were introduced to increase the security of electronic payments. These requirements apply to transactions where both the business and the cardholders bank are located in the European Economic Area (EEA)

The EEA is comprised of: Austria, Belgium, Bulgaria, Croatia, Republic of Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, United Kingdom, Iceland, Liechtenstein, and Norway.

This article provides details of each part of the system which requires the 3D Secure. Currently, Cloudbeds supports 3D Secure for Cloudbeds Payments and the latest version of Stripe.  

How does it work?

When there is an action to be performed on credit card details saved in the system (store / authorize / charge), the cardholder has to confirm the request by completing a multi-factor authentication on the card provider's 3D secure web page. Depending on the institution (bank), different kind of authentication could be requested (fingerprint, passwords, SMS Code, etc).

See below different ways the card can be processed and how the 3D Secure presented to the guest.

Cards processed on mybookings booking engine
  1. When your guest fill out the billing details with a card that requires 3D Secure, extra authentication steps will be required.
  2. The guest needs to confirm the payment - Depending on the institution (bank), different kind of authentication could be requested (fingerprint, passwords, SMS Code, etc) to confirm the payment.
  • As these are actions performed by a third-party, Cloudbeds cannot control it.
  • In case your guests have any issues during these steps above, they need to contact the bank to get more details on why it happened.
  • If the authentication is successful, the reservation will be created
  • If it is denied/failed, the reservation will be created with the Canceled Status.
Cards added manually to myfrontdesk reservations or received from OTAs

With 3D Secure verification, the system will trigger an email to the main guest to Approve or Decline when there is a request for their card to be stored, authorized or charged for the first time.

  • After the guest has approved the first request, consequent transactions for most cards won’t require 3D Secure authentication
  • Some cards will need to be authenticated for every transaction (this is decided by the card’s bank). In this case, Cloudbeds sends an email for each transaction.
  • Both property and the guest receive a confirmation of authentication, authorization or payment when they approve or decline.

Cloudbeds will send out 3 different emails based on the use case:

  1. Authentication Request Email → when myfrontdesk is storing the card
  2. Authorization Request Email → when myfrontdesk is authorizing the card
  3. Payment Request Email → when myfrontdesk is charging the card

Notes about the automatic emails:

  • Please note that it's not possible to send emails to other guests on reservations except the main guest.
  • Emails cannot be edited like a custom template.
  • Emails are automatically triggered and it's not possible to choose which email is sent - This is decided by myfrontdesk and Payment Gateway logic.
  • Both property and the guest receive a confirmation of authentication, authorization or payment when they approve or decline. 
  • Payment and Authorization request emails contain information about the reservation amount.
  • Authentication email (when card is being stored) does not contain any information about the reservation amount
1. Authentication Request Email

When manually adding a credit card details to a reservation, the system will send an email to the main guest to authenticate the card before it can be charged or authorized.

The guest can either Approve or Decline the authentication request by clicking the links in the email.

Authentication Approved

When the guest clicks to Approve, they will be redirected to their bank's page to perform authentication (e.g. password, fingerprint, token, SMS Code, etc.)

If the authentication was approved by the bank, the guest will be redirected to a thank you page. Now you will have the option to either  authorize or charge the guest's card.

Authentication Declined

When the guest declined the authentication, they will be redirected to the page like shown below.

If the guest accidentally declined the request, you can try to authorize or charge the guest credit card, another Authentication Request Email will be sent with new Approve or Decline links.

2. Authorization Request Email 

When authorizing a card that has not been authenticated before, the system will send an authorization request email to the main guest.

Authorizing a card won't process the payment, it will only check and hold the specified amount for a period of time (7 days for Stripe, 30 days for Cloudbeds Payments).

The guest can either Approve or Decline the authorization request by clicking the links in the email. In the email the guest will find the necessary details about the reservation.

Authorization Approved

When the guest clicks to Approve, they will be redirected to their bank's page to perform authentication (e.g. password, fingerprint, token, SMS Code, etc.)

If the authentication was approved by the bank, the guest will be redirected to a thank you page. Now you will have the option to charge the guest credit card.

Authorization Declined

When the guest declined the authentication, they will be redirected to the page like shown below.

If the guest accidentally declined the request, you can try to authorize or charge the guest credit card, another Authorization Request Email will be sent with new Approve or Decline links.

3. Payment Request Email

When attempting to charge your guest credit card that has not been authenticated before, the system will send a payment request email to the main guest.

The guest can either Approve or Decline the payment request by clicking the links in the email. In the email the guest will find the necessary details about the reservation.

  • The payment will be pending to be processed in the guest's folio until the guest approve the request. To check the payment see the steps described here: Where can I see the payment with pending approval from guest? (add hyperlink)
  • Pending payment will not be automatically allocated. See more details: Will the pending payment be automatically allocated? (add hyperlink)
Payment Approved

When the guest clicks to Approve, they will be redirected to their bank's page to perform authentication (e.g. password, fingerprint, token, SMS Code, etc.).

If the authentication was approved by the bank, the guest will be redirected to a thank you page. The previously pending for approval payment will be processed and posted in guest's folio inside their reservation.

Payment Declined

When the guest declined the payment, they will be redirected to the page like shown below.

If the guest accidentally declined the request, you can try to authorize or charge the guest credit card, another Payment Request Email will be sent with new Approve or Decline links.

Cards received in OTA reservations (scheduled payments)

Virtual cards are not required to be authenticated by 3D Secure. 

As soon as the card has been received from myallocator (channel manager by Cloudbeds)/OTA, Cloudbeds will send an email to the main guest. Which email is sent out depends on the setting in Payment options page as shown below:

  • Do nothing → Authentication request email will be sent
  • Process immediately → Payment request email will be sent
  • Postpone processing → Authentication request email will be sent
  • Authorize immediately → Authorization request email will be sent
  • Postpone authorization → Authentication request email will be sent

Learn more about Scheduled Payments here: Payment Processing Setup

Cards added to House Accounts

Step 1. The cards that need to be authenticated by 3D secure will trigger a modal where the user should enter an email address.

Step 2. The user will see a modal when email is sent to the guest for authentication, authorization, and payment.

Step 3. Payment Pending approval will be added to the house account and posted after the guest's approval.

  • You can check the Email Delivery Log tab, to see if the House Account email was sent to the correct address or to resend the emails.
  • Emails triggered in House Account don’t contain any item or reservation information. Check an example below:
Cards added to Groups

The system always requests the card holder’s email like in house accounts. The cards that need to be authenticated by 3D secure will trigger a modal where the user should enter an email address.

  • You can check the Email Delivery Log tab, to see if the Groups email was sent to the correct address or to resend the emails.
  • Emails triggered in Groups feature don’t contain any item or reservation information. Please check below an email example:

Frequently Asked Questions

Where can I see the payment with pending approval from guest?

You can find the payment under the guest's folio inside their reservation. The payment will be pending to be processed until the guest approve the request.

Follow steps to check the payment:

  1. Inside the guest's reservation, go to Folio
  2. In the Transactions filter, select Pending
  3. Click Apply
  4. The pending payment will be in grey. In the column Type it mentions the credit card and type of the transaction Pending Payment on [gateway name]. If you need to cancel the payment, click the gear icon and select cancel.

Canceling the payment request

If you cancel the payment that is currently pending for guest's approval, the Approve and Decline links that sent in the Payment Request Email will expire and cannot be used anymore.

How can I cancel the payment with pending approval from guest?

Follow steps to cancel the payment:

  1. Inside the guest's reservation, go to Folio
  2. In the Transactions filter, select Pending
  3. Click Apply
  4. The pending payment will be in grey. In the column Type it mentions the credit card and type of the transaction Pending Payment on [gateway name]. If you need to cancel the payment, click the gear icon and select cancel.

Canceling the payment request

If you cancel the payment that is currently pending for guest's approval, the Approve and Decline links that sent in the Payment Request Email will expire and cannot be used anymore. The following error will be displayed:

Can I add a new payment while there is already a pending authentication for the guest?

If you add a new payment using the credit card which already has a pending guest authentication, the following warning message will be displayed.

It's recommended to wait until guest authenticates or cancel the pending payment in the folio before adding additional payments. See the steps above (link to section) to cancel the pending payment.

Will the pending payment be automatically allocated?

Pending payments can't be automatically allocated even if the Payment Allocation box is checked. In this case, the payment need to be allocated after the payment is posted (authenticated by the guest) on the guest's folio.

Please refer to this article to learn how to allocate the payment: Allocation of already posted transactions on the folio

Powered by Zendesk