HolidayRentPayment 3DSecure- Recent issues, upgrades and troubleshooting.
This article includes everything you need to know about:
- The previous issues you may have faced recently when taking payments
- The reason for these changes and updates
- Troubleshooting future payment failures
Please read the full article so you can gain a full understanding as this will help you to diagnose any current 3DS payment issues before needing to create a support ticket.
You can also click here to view our recent blog on Payments, Authentication and Security: Understanding 3DS. This will help to understand the importance of these recent changes and the benefits they have on security risk and fraud.
Recent 3D Secure upgrades and the affects on payments...
You may be experiencing errors for failed payments from your guests. There has been a recent introduction of 3DSecure Version 2, where a guest is often required to authorize a payment transaction before it can be processed. This is related to the PSD2 (Payment Services Directive) regulations that have been more strongly enforced this year and will continue to do so going forward.
It started on the 1st of June 2021 where card providers such as MasterCard, American Express and Visa have started to implement SCA (Strong Customer Authentication) in line with the regulation coming into full force on the 14th March 2022.
Right now if a guest is not using a 3D Secure card or did not complete the SCA process then the payment will likely fail. This is why payment failure rates are higher than ever before.
As above the official deadline for this SCA compliance deadline in the UK by the Financial Conduct Authority is not until 14th March 2022.
At SuperControl we upgraded to version 2 in two stages, first of all we upgraded all front end payments (July 2021), then we recently just upgraded backend payments (14th September 2021). This means HolidayRentPayment in SuperControl is now fully 3DS compliant and Version 2 ready.
Stage 1. To upgrade the front-end payments it involved incorporating our new payment pages to the front-end booking process. Previously we only released our new payment pages on the links within a booking that you send your guests in e-mails or SMS, and in the guest login. Now when booking on your website the guest will be redirected to our new payment pages. This was the missing piece to the final 3DSV2 upgrade- now complete.
Stage 2. To upgrade the back-end payments it involved us needing to differentiate transactions in our system between front-end and back-end payments. As back-end payments using HolidayRentPayment can't go through 3Dsecure due to them not being directly made by the guest, we needed to make some changes to show that these types of payments need to have 3Dsecure exemption to process successfully.
Front end payments are any payments made directly by the guest i.e:
- Guest's paying when making a booking on your website.
- Guest's paying through the online payment link that you send them within the booking in an E-mail or SMS.
- Guest's paying through the online payment link in the guest login.
Back end payments (Also known as MOTO payments- Mail Order/Telephone Order payments) are any payments made in the backend of SuperControl so any manual/admin payments i.e:
- Submitting a manual card payment or refund in the customer payment tab.
- Manually processing repeat card payments (future balance payments) from a previously pre-authorised card.
- Manually holding/releasing funds for a security deposit with a previously pre-authorised card.
This is a simple process where, during the payment after the guest has entered their card details to submit the payment, they have to authorise the transaction via a text message from their card issuer, or their banking app. This has become a standard payment process when making online payments via card, and is not specific to HolidayRentPayment, SuperControl, or the holiday rental industry.
For HolidayRentPayment 3D Secure version 2 has been fully implemented on our new payment pages, and our back-end system for admin payments so you do not need to do anything.
As mentioned here we done the final 3D secure upgrade in two stages, front end first then back end. Channel payments are classed as backend payments (MOTO), until the upgrade was made on the back-end then this is why you may not have received card details...
With Vrbo or Booking.com bookings if you manage the payments then it is you who directly processes that payment, not the guest, so the payment wasn't coming through in the bookings prior to the final upgrade as HolidayRentPayment were blocking all non 3D Secure payments.
The final upgrade to the back-end payments was made in September 2021 so any bookings prior to this that do not have any card details for you to process in the booking unfortunately you will need to contact the guest to re-submit the payment by sending the SuperControl payment link. Any bookings after the 14th September will pull through the card details for you to continue to process.
Before we completed the final upgrade to back-end payments, you may have noticed some security deposit holds were failing. As back-end payments using HolidayRentPayment can't go through 3Dsecure due to them not being directly made by the guest we needed to make some changes to show that these types of payments need to have 3Dsecure exemption to process successfully. This upgrade is now complete and you should be able to process security deposit payments again.
What are back-end payments?
Back-end payments are admin/internal system payments. So any payment not made on your front end website or through the payment pages links.
Payment failure rates are higher than ever before. Until all guests start to use the 3D Secure process when paying online this will be the case. If the guest is using a 3Dsecure card but the payment is still failing this could be for a few reasons:
1. The one time pin sent from the bank was entered incorrectly.
2. They did not receive the OTP or authorisation message from their bank to approve the transaction or they are entering an old/expired pin.
3. The OTP or authorisation message sent from their bank was not entered or approved within the required time frame.