Everything you should know about PSD2


PSD2  is the second version of the Payment Services Directive. The first version was adopted in 2007. If you remember what the world of online payments looked like at that time, you can imagine how far from today's realities the regulations were then.

Not only has the market for payments, and ways of payment developed since then, but there are also more ways for stealing funds from accounts and credit cards. This is why a new version of the directive has been created. It was done in order to reduce this type of fraud by means of introducing greater transaction safeguards. What exactly do they include? One of them is the concept (and requirement) called  Strong  Customer  Authentication  (SCA), which we are going to discuss in detail below.

Your guests expect you to offer secure transactions, but, as a hotelier, you also want to ensure that the amounts you receive for your bookings do not have to be refunded due to fraud. That is why it is useful to get acquainted with the details of the upcoming changes.

What is the objective of SCA?

In short, SCA aims to make sure that the person providing credit card details (or using an online bank account) is actually the account holder, and not an unauthorized third party. SCA is based on additional security for each transaction performed online in one of the ways known to us from the computer world, such as:

  • the use of password (and similar systems using information known to the guest, but not to an unauthorized person),
  • text message confirmation in a phone app (and other such systems based on what the guest knows or possesses, but no one else does, such as a phone number),
  • fingerprints (and other similar biometric safety measures, based on elements that are unique to an individual).

The best-known and commonly used security system you probably are acquainted with is 3D  Secure. When you make a payment, you receive a one-time code confirming the transaction either via a text message, or a bank application. You then enter this code online as without it the transaction will not be effected.

Such safeguards will not only become increasingly common and improved (e.g. 3DS will be replaced by 3DS2), but also required in transactions that have so far been performed without them. So it is a good idea to know how this will affect booking payments.

When and where will the new measures be introduced?

PSD2 and SCA apply in the European Economic Area, which domprises the European Union as well as Iceland, Liechtenstein and Norway. This means that they apply to accounts and guest cards issued in this area and to transactions performed there only. Both conditions must be met at the same time, which means that  guests from the US are not subject to PSD2,.even if they book a stay in the EU. The same is the case with EU residents booking a stay outside the PSD2 area - they do not need SCA protections then.

The provisions of the Directive enter into force on 1 January 2021.

What impact does SCA have on your business?

Direct online payment

If your Profitroom Booking Engine is connected to payment gateways, you are likely to receive most booking payments online. What needs to be done then? First of  all, you should make sure that the online payment system used by your providers complies with PSD2. You can do this by contacting the providers directly. Below is the list of gateways we recommend:

  • Global Payments
  • Six Payments

Keep in mind that when you use incompliant PSD2 systems, you run the risk of having transactions rejected. Following the requirements, banks may not accept unsecured transactions, or may cancel them after some time, which can generate losses.

How can you secure your bookings?

Here are some suggestions:

  • By setting up an online payment gateway. 
  • By configuring Instant Confirmation as a method of securing your booking.
  • By changing the booking conditions on offer to "Booking with payment schedule", which we will soon modify to make them more flexible and better suited to the current realities, in which guests can expect to make a reservation without any pre-payment until a few days before arrival.
  • By setting up the Traditional Transfer option as a method of securing your booking

Cooperation with OTA

Profitroom Channel Manager operates on the basis of data transmitted by OTA channels. This means that the PSD2 directive will not change anything in terms of the functioning of this system. If OTA channels change the mechanism for making guests’ credit cards available (it is possible that additional information verifying the so-called SCA record will be required), our system will be adapted to the new standard without delay.


Things to keep in mind after 1 January 2021:

  1. PSD2 is a directive that requires increased security for online transactions (both card payments and other forms of transactions), also covering common ways of payment for bookings.
  2. Make sure that the online payment gateways you use are PSD2-compliant (this applies to all payment tools).