To ensure the highest level of security for your property and your guests, Cloudbeds is enhancing how manual credit card transactions are handled. This guide explains the 3D Secure (3DS) confirmation process, why it is necessary, and how it impacts your daily operations.
What is 3D Secure (3DS)?
3D Secure is an additional layer of security for online credit and debit card transactions. It acts as a digital "handshake" between the guest and their bank to verify that the person making the payment is the authorized cardholder.
Why is this change happening?
This update is part of a security enhancement for all properties using Cloudbeds Payments or Stripe Direct. By triggering 3DS more frequently during manual card entry, we provide:
Fraud Protection: Significant reduction in the risk of unauthorized charges and costly chargebacks.
Higher Authorization Rates: Banks are much more likely to approve transactions that have been verified via 3DS.
Industry Compliance: Aligning with global payment standards and Stripe-enforced security rules.
How the Process Works
When you manually add a guest’s credit card details into the Cloudbeds PMS to process a payment, the system will now follow these steps:
1. Staff Adds the Card
Your team enters the credit card information into the Cloudbeds interface as usual. Upon clicking "Process," the system triggers the security protocol.
2. Guest Verification Email
The system automatically sends a secure 3DS confirmation email directly to the guest. This email contains a link that directs the guest to a secure page hosted by their bank.
3. Pending Status on Folio
While waiting for the guest to take action, a Pending Transaction will appear on the reservation folio. This serves as a placeholder while the bank verification is in progress.
You can navigate to the reservation's email messages to view what was sent to the guest.
4. Final Result
The outcome depends entirely on the guest's action:
| If the Guest... | The Result is... | Folio Impact |
|---|---|---|
| Completes the verification | Success | The "Pending" transaction turns into a Posted payment. |
| Declines or fails verification | Failed | The "Pending" transaction disappears. The card becomes un-processable and must be re-added to try again. |
What Your Staff Needs to Know
To ensure a smooth check-in and payment experience, please keep the following operational tips in mind:
Identifying Pending Payments
If you attempt to process a payment on a card that is already awaiting a guest's 3DS confirmation, Cloudbeds will display a warning. No additional pending transactions will be created for that card until the first one is resolved.
When a Guest Fails Authentication
If a guest declines the 3DS prompt, the card data is invalidated for security reasons. You cannot "reactivate" it; your staff must manually re-add the card details to start a new 3DS request.
Best Practice: Use "Pay by Link"
For remote bookings or payments handled over the phone, we highly recommend using Pay by Link.
Why? Instead of your staff manually typing in sensitive card data, the guest enters their own information and completes the 3DS step in one seamless flow. This is the most secure way to handle "Card Not Present" transactions.
Comments
Hello,
I believe the recent changes are complicating the payment process and are forcing us to return to using an external Stripe account for phone reservations, since it does not require 3DS and payments go much more smoothly. Many guests use slow phones, and sometimes they do not even see the 3DS request, which leaves payments pending in the system for days or until they are eventually canceled.
I do not fully understand the changes introduced over the past few months regarding payments. Previously everything worked flawlessly, and we were very satisfied not having to rely on external systems. However, we are increasingly forced to use Stripe again, especially as we have noticed that in some cases your commission becomes very high for larger amounts.
I assume you have your reasons for these decisions, and we will adapt as needed, but we wanted to share our experience and concerns from an operational perspective.
Kind regards,
Marko
Hello Marko Kozic,
Thank you for sharing your feedback. We've created a new ticket for you so our Support Team can review your situation and provide dedicated assistance as soon as possible.
Thank you,
Hi! We think this is going to increase guest complaints at check-in by a lot. Our security process and chargebacks are already incredibly low without this being added. Not every guest has an email, because of Booking.com and Expedia auto-generated email accounts. This means at check-in a guest will have to re-log in to their Booking.com portals to be able to access the authentication process, which I imagine involves them then also logging into their bank account which is an additional step. If multiple guests are checking in we imagine this adding a lot of frustration to both team and guests and adding minutes of sitting around time when a guest might have just traveled hours to arrive at our hotel.
This should be an opt-in feature and not a mandatory roll out since this solves a problem we have zero issues with, while adding a layer of complexity to check-in for both team and guests. Also we have some guests who are less tech savvy who will have to navigate on web portals that they might find difficult.
Again, I think this is a very unwelcome addition to the Cloudbeds system.
Nope. Please, no. This is going to be a huge issue for both our staff and our guests. Please make this an opt-in option. We have a remote location and internet can be spotty. We are already having a tough time reaching guests to confirm other information. Something as crucial as payments and cancellations being subject to ONLY email authorization is very limiting. I personally rarely check my email. I know many people my age and much younger than me who shun it. If payments are rejected and cancellations occur because people don't check their email, we are going to experience massive losses. I can totally imagine many occasions when international guests might arrive after traveling for weeks, only to find out that their reservation was cancelled and their room was re-booked. We are not a large enough property to be able to handle those types of losses and guest frustration leading to harmful reviews. I totally agree with Brandon Shirk above.
Hi, I agree with the previous commenters. We have had zero problems with this issue. The process for taking orders and payment information over the phone is already longer and more convoluted than most guests seem able to tolerate, and now you're adding yet another way for the process to break down? And then you're asking the front desk person to manually re-enter something if the guest doesn't respond in time?
The more we use Cloudbeds Payments, the more complex and the less transparent it has become. We are extremely disappointed with this latest step.
This is a terrible feature that is going to lead to more guest complaints and complications. I have a lot of international travelers that are going to have trouble accessing their email while they are standing in front of me for this useless next step. Please reconsider this enhancement.
Hello Cloudbeds Staff,
This directly affects reservations made by the telephone.
#1 Explain, how is the reservation any less secure on the telephone than one made on the web?
#2 Explain, why you are sending 'email' notices when Booking.com and Expedia specially auto-generate their own emails for guests booking through their websites and guests typically don't monitor these emails.
#3 Explain, why even bother to do this in the first place? When the reservation was made the credit card given was to guarantee the room.
The purpose of the credit card is to guarantee the room. Otherwise, every guest can be a no show and the business is 'out of luck'!
Hello, Brandon Shirk, Sunny Cannon, Jeff Sweat and Natalie Gelbke-Mattis
Thank you for your honest feedback regarding the 3DS verification for manual card entries 🙏🏼 We hear your concerns about the impact on check-in flow and guest communication, especially in remote or fast-paced environments.
We want to share a few key points on why this update is essential for your property's security:
We truly value and appreciate your comments, and we hear you. Your feedback has already been shared with our Product Team as we work to make these mandatory security standards as seamless as possible for your daily operations.
Thank you for your continued partnership.
Hi, Patricia Byrnes
Thank you for reaching out and sharing your perspective with us. We truly appreciate the time you took to highlight how these security updates impact your daily operations, particularly for reservations made over the telephone. We value your feedback as it helps us understand the practical challenges our partners face.
To help clarify the reasoning behind these security measures, we’ve put together some information regarding your specific questions:
1. Why is a reservation made by telephone considered "less secure" than one made on the web?
When a guest books through a website integrated with 3D Secure, their bank performs a "digital handshake" (such as a fingerprint scan or an SMS code) at the moment of booking. This confirms the person making the reservation is the authorized cardholder.
When card details are taken over the phone and entered manually, this verification step doesn't happen naturally. Without this digital confirmation, the transaction is classified as "Card Not Present," which carries a higher risk of fraud. By sending a 3DS confirmation link, we are essentially bringing that same high level of web security to your phone reservations, ensuring that the cardholder has officially authorized the use of their card at your property.
2. Why are email notices sent if guests already receive emails from Expedia or Booking.com?
We understand that guests receive multiple communications, and we aim to keep the process as streamlined as possible. However, the 3DS verification email is a specific security requirement from the payment processor (like Cloudbeds Payments or Stripe) and the guest’s bank.
While OTAs send booking confirmations, they often do not perform the specific authentication required for your property to process a charge or a guarantee later on. The email from Cloudbeds provides a direct, secure link to the guest's bank so they can authorize the transaction specifically for your business. This ensures that when you need to process that payment, the "handshake" is already in place.
3. Why implement this for "guarantee only" reservations?
You make an excellent point about the purpose of a credit card being a guarantee against no-shows. The primary reason for 3DS in these cases is to ensure that the "guarantee" is enforceable.
In the past, if a guest was a no-show and you attempted to charge a manually entered card, the guest could dispute the charge as "unauthorized" since there was no proof they provided the card. Without 3DS, the merchant (the property) almost always loses those disputes. By having the guest complete the 3DS process at the time of the guarantee, you gain "liability shift" protection. This means the bank recognizes the guest authorized the card, making it much harder for them to dispute a no-show fee and ensuring your revenue is better protected.
We understand that this adds an extra step for your guests, and we are constantly looking for ways to make these essential security layers as seamless as possible.
Thank you again for your candid feedback, Patricia 💛 If you have any further questions or if there's anything else we can assist you with, please don't hesitate to ask.
We often manually enter credit cards upon arrival for security deposits, would this apply to those as well? What about if we scan them in instead using the Cloudbeds card reader? Would this apply then as well?
I can see this causing way more issues since a lot of my guests are older. Also, what if someone doesn't have an email address? I do have that from time to time.
Hello, Brandon Shirk,
Our Support Team will review your inquiries and provide you with more information as soon as possible.
Thank you!
Hello, Natalie Gelbke-Mattis,
We hear you, and we truly appreciate your honest feedback.
We’ve forwarded your questions directly to our Support team so they can review these specific scenarios and reach out to you with the best way to handle them.
Thank you!
Article is closed for comments.