The Second Payment Services Directive

DETAILS ABOUT PSD2 COMPLIANCE

What is PSD2?

PSD2 is short for the second Payment Services Directive, a new EU directive that goes into effect in September 2019. These new regulations are meant to:

  • Create a more unified European payments market
  • Make payments safer and more secure
  • Protect consumers

It requires any non-recurring online transaction over 30 EUR within the EU to have improved, secure, two-factor authentication. This applies even if one party (payer or payee) is not in the EU when the purchase takes place.

What is two-factor authentication?

Two-factor authentication is a security mechanism that requires two types of credentials for authentication to minimize security breaches. In this context, if a consumer makes an online purchase over 30 EUR, he or she must confirm the purchase with a combination of two different types of identification factors. Identification factors are categorized as:

  1. Knowledge – something only the person knows, such as a password, secret question, PIN, or authentication key
  2. Possession – something in the person’s possession, such as a mobile phone or a smart chip
  3. Inherence – something characteristic of the person, such as biometric data like fingerprints or face ID

What does it mean for my hotel/hotel chain?

These regulations impact your website’s booking page and direct website booking processes. You should clearly state in your terms of use how you plan to use credit card data (e.g. as a guarantee for possible fees or no-shows? For late cancellation? As payment for the cost of the hotel stay? To cover additional expenses while on-premise, like minibar use?). Guests are required to accept your terms of use upon booking. Further, payments above 30 EUR that are made through your website’s booking engine must include two-factor authentication.
Keep in mind that PSD2 regulations apply exclusively to online payments. If you receive credit cards from travel agents, online travel agents (OTAs) or directly from the guest over the phone or by e-mail, these transactions are not required to have two-factor authentication.

PSD2 compliance with apaleo

apaleo uses Adyen as a payment service provider and thus offers all the options needed to design the payment page so that it complies with the requirements of PSD2. If you are using a third-party booking engine, please contact the provider of that booking engine and clarify their compliance with the requirements of PSD2.