Important note: this regulation will not come into force on the 14 September 2019 in the UK. It has been delayed for 18 months. Please see FCA announcement for more information: https://www.fca.org.uk/news/press-releases/fca-agrees-plan-phased-implementation-strong-customer-authentication
It is still unclear what approach other EU countries will take. We are actively researching this and will make changes in line with the regulation and deadlines.
News in the industry was that on 14 September 2019 a new regulation will come into force mandating Strong Customer Authentication (SCA) for many online payments in the European Economic Area (EEA), including the UK. SCA is part of the second Payment Services Directive (PSD2), also known as 3D Secure 2.0.
When SCA is implemented, a form of two-factor authentication will be required for many online payments in Europe. Without authentication, many payments will be declined by your guests’ banks. Traditional card payments usually involve two steps: authorisation and capture. A payment is authorised when a guest’s bank or card issuer decides to approve payment and the payment is captured when the card is charged. From 14 September 2019 an additional mandatory step (authentication) will be required before payment is authorised and captured. This will help protect you and your guests by preventing fraud. To authenticate a payment, your guest will respond to a prompt from their bank to provide additional information. This could be something they know (eg a password or a PIN), something they use (eg a phone) or it might be something that’s a part of who they are (eg a fingerprint).
How SuperControl is preparing for PSD2: SCA
Our developers are making necessary adjustments behind the scenes to ensure we have everything ready to go. This work is similar to the 3D Secure that we have in place now (with the exception of payment providers that ask for two-factor authentication where a guest needs to verify the payment via eg online banking or an SMS message).
What's happening:
We are ready to implement the changes, where possible by September. However, we are waiting for partners and payment processors to send us the relevant details.
We will also be adding 3D Secure to payments received via HolidayRentPayment to ensure compliance (when we receive their 3D Security specification).
Our team is liaising with the Online Travel Agents (OTAs) that we link with in our channel manager to finalise details with regards to authorisation of payments from third party bookings.
We will update you when this information has been confirmed.
What do you need to do?
As far as bookings that are paid for via your SuperControl booking pages, you do not need to take any further action. We've got it covered.
**We will add an alert to your SuperControl account when we have more information from the OTAs and when the PSD2:CSA actions have been completed.**