What is PSD2?
PSD2 is short for the second Payment Services Directive, which is a new directive in the EU which goes into effect on September 2019. These new regulations are meant to:
- Create a more unified European payments market
- Make payments safer and more secure
- Protect consumers
It requires any non-recurring online transaction over 30 EUR within the EU to have improved, secure, two-factor authentication. This applies even if one party (payer or payee) is not in the EU when the purchase takes place.
What is two-factor authentication?
Two-factor authentication is a security mechanism that requires two types of credentials for authentication to minimize security breaches. In this context, if a consumer makes an online purchase over 30 EUR, he or she must confirm the purchase with a combination of two different types of identification factors. Identification factors are categorized as:
- Knowledge – something only the person knows, such as a password, secret question, PIN, authentication key
- Possession – something in the person’s possession, such as a mobile phone or a smart chip
- Inherence – something characteristic of the person, such as biometric data like fingerprints or face ID
What does it mean for my hotel/hotel chain?
Keep in mind that PSD2 regulations are exclusively for online payments. If you receive credit cards from travel agents, online travel agents (OTAs) or directly from the guest over the phone or e-mail, these transactions are not required to have 2-factor authentication.
PSD2 compliance with apaleo
apaleo uses Adyen as a payment service provider and thus offers all possibilities to design the payment page in such a way that it complies with the requirements of the PSD2. If you are using a third-party booking engine, please contact the third-party booking engine and clarify their compliance with the requirements of the PSD2.