1. Cloudbeds
  2. Payment Processing
  3. Other Payment Gateways
  4. Other Payment Gateways - General Information and Frequently Asked Questions

Frequently Asked 3DS Authentication and Decline Questions

Gabriela Garcia
Updated

Cloudbeds is working to stay compliant with updated industry regulations, including 3D Secure (3DS) requirements enforced by card networks and local payment authorities. As part of this effort, you may encounter new prompts or error messages when trying to charge guest credit cards through Cloudbeds Payments (Stripe or Stripe Direct).

This guide explains what those messages mean and what you or your guests can do when they appear.

  Having trouble processing payments in August 2025? Cloudbeds is actively working on updates related to recent 3DS regulation changes. 

  • If you're encountering errors charging virtual cards (VCCs) or seeing authentication prompts, refer to the relevant sections below for immediate steps you can take.
  • These are temporary workarounds while long-term improvements are in progress.

What does "Token does not exist in vault" mean when trying to charge a saved card?

This message appears when a guest’s saved credit card can no longer be found in the secure vault managed by Stripe. It usually affects cards saved before recent 3DS updates and may be tied to tokens that were invalidated during Stripe compliance enforcement.

 

 

While the issue is now contained and no new cards should be affected, existing cards with this error may not be recoverable for charging purposes.

What you can do:

  1. Mark the card as invalid in the PMS
  2. Request a new payment method from the guest
  3. If needed, collect payment via Pay by Link or offline method

Why do I see "Invalid token ID" for failed Booking Engine reservations?

If you see “Invalid token ID” linked to a reservation with ID shown as N/A, this means the guest attempted to make a reservation via the Booking Engine, but the reservation failed before being completed. The system was unable to store the card token or create a customer record.

These entries may still appear in your Payment Processing Report, but no reservation was created, and no payment can be collected from these entries.

Key details:

  • Each N/A row corresponds to a failed reservation attempt
  • No card details are stored — nothing can be recovered
  • New attempts will not be affected going forward

 

Why do I need to manually approve a Booking.com virtual card (VCC) or OTA card?

Due to evolving 3DS2 (3D Secure) regulations in regions like Europe and the UK, certain virtual cards (VCCs) issued by OTAs, including Booking.com, may now require manual authentication before the transaction can be processed. This extra verification step is enforced by the card network and the issuing bank, not by Cloudbeds or Stripe.

If the VCC has not been authenticated yet, the charge attempt may fail, and the following error may appear in the Payment Processing Report:

 

In these cases, the PMS will automatically send an authentication request to the email associated with the card or the OTA. You can review this under the Email Messages tab in the guest's reservation:

 

When the recipient opens the email, they’ll be prompted to approve the transaction. Only after this step is completed can the card be charged successfully:

 

Resolution steps:

  1. Open the reservation and go to the Email Messages tab.
  2. Look for the email with the subject line "Authenticate your card".
  3. Click View, then select Approve inside the message.
  4. Return to the reservation’s Credit Card or Folio tab and try the charge again.

  Important: This process only works for virtual cards (e.g., from OTAs like Booking.com). It will not work for regular guest cards, and repeating the process with those may block the card due to failed attempts.

  This workaround is a temporary solution while Cloudbeds and Stripe work on improving this flow. These steps allow you to manually approve authentication requests triggered by 3DS regulation changes introduced last week. While not ideal, this method helps process OTA-issued virtual cards (VCCs) affected by the update.

Why is the guest receiving a message to approve a card they already paid with?

Some guests may receive a 3DS prompt or message through the Booking.com Extranet or via email, even if they believe they already paid online. This is triggered by the additional authentication required by the card issuer, not by Cloudbeds directly.

Guests only need to approve the charge once for the transaction to succeed. You can then charge the card through the PMS as usual.

 

  If the guest sees the 3DS authentication message inside the Booking.com chatbox, they won’t be able to approve the payment. This is because Booking.com automatically removes all clickable links from chat messages.

What you can do:

Ask the guest to check their personal email inbox for the original message forwarded by Booking.com. The authentication link should be accessible there, allowing them to complete the verification successfully.

What does the error message "Your card does not support this type of purchase" mean?

This message appears when the issuing bank rejects the transaction. In most cases, this corresponds to Stripe’s decline code:

transaction_not_allowed

This decline code typically applies to:

  • 🎫 Prepaid travel cards or vouchers with restrictions
  • 🏢 Corporate or fleet cards (e.g., fuel cards)
  • 🌐 Cards blocked for specific merchant types or international use

Next steps:

  1. Ask the guest to use a different card
  2. Recommend they contact their card issuer for more details
  3. Try a different payment method (e.g., Pay by Link, bank transfer)

 

 

Are these 3DS prompts and restrictions permanent for virtual cards and guest payments?

Yes. These prompts are part of ongoing 3DS regulation compliance and are required by many card networks and financial regulators globally. Stripe enforces these rules based on the issuing country, card type, and transaction risk.

However, Cloudbeds is actively working on:

  1. 🔄 Reducing unnecessary prompts for OTA virtual cards
  2. ⚙️ Aligning the PMS experience with Stripe’s backend requirements
  3. 🧾 Improving the clarity and accuracy of the display error messages

What is Cloudbeds doing to improve these payment messages?

We are working to improve the visibility and clarity of error messages for both property staff and guests.

What’s in progress:

  1. 🧭 Mapping internal decline codes to clearer display messages
  2. 🔍 Matching Stripe error responses with guest-friendly text
  3. 📘 Preparing new in-app guidance

This is part of a broader effort to simplify the payment experience and reduce confusion when dealing with declined transactions.

What should I include when contacting support about a failed card charge?

If a payment fails and you're not sure why, please gather the following information before contacting Cloudbeds Support:

  • Screenshot of the error message
  • The last 4 digits of the credit card
  • Guest/reservation name
  • Date and time of the charge attempt

With this information, our team can investigate more quickly and advise on the next steps.

Was this article helpful?
0 out of 2 found this helpful

Comments

0 comments

Please sign in to leave a comment.