PSD2: what is it, and what impact does it have on my hotel's direct sales?

news

March 1, 2024

Roiback

Key points


- The PSD2 regulation will become mandatory on January 1, 2021.

- From that date on, in order to make online payments to your customers, you will have to hire a Virtual POS or the services of a payment processing platform.

- In addition to managing online collections from your customers, a payment platform will allow you to collect no-shows and penalties for late cancellations.

- Roiback, in addition to being integrated with the main payment gateways on the market, also offers Epayments Manager, a payment management platform that helps you automate your prepayments, installment payments or payments at the hotel, in strict compliance with PSD2 regulations.

Let's get started!

The Payment Service Directive (PSD2) regulation will be mandatory as of January 1, 2021. Although the regulation has been in force since September 2019, the European Commission offered a moratorium to allow companies to adapt.

In this article we explain how PSD2 will affect your hotel and what you need to do to comply with the regulation.

What is PSD2?

PSD2 regulates payments (card payments, transfers or direct debits) made in Europe with the aim of boosting their transparency and security.

To increase security, at the time of payment PSD2 will require at least two of these three authentication factors to be applied:

To whom does PSD2 apply?

The PSD2 regulation applies to online payments, and requires compliance only when the card issuing bank (your customer's bank) and the bank acquiring the payment (your bank) belong to the European Union.

What do I need to do to comply with PSD2?

In the event that your hotel performs any type of online payments and transactions, you must hire and use a Virtual POS or a payment platform capable of authenticating the user according to the indicated authentication factors. In addition to complying with the regulations, using a payment platform or virtual POS will allow you to automate the online payment processes, and you will generate trust from your customers, who are already accustomed to these payment processes in their online purchases.

What is the difference between a POS and a payment platform?

A Virtual POS or online Point of Sale Terminal is an online payment tool that allows digital businesses to make sales with immediate payment through the Internet. A payment platform also offers other services such as fraud management and control tools, reconciliation support systems, connection with other online or offline payment methods and other services.

The most important payment processor in Spain is Redsys, which provides a virtual POS solution integrated with the main banks. In the case of payment platforms, there are many in the market with more or less services: Ingénico, Addon Payments (CaixaBank), PayU, Paycomet (Banco Sabadell), among others.

To activate a virtual POS you will need to talk to your bank, who will advise you and help you implement it. A discussion with your engine partner beforehand can help you better understand the solution best suited to your business, based on the complexity of your operation and your technology roadmap.

How does PSD2 impact your hotel's payment management?

Reservations with customer payment at the hotel: If the only payment method you provide to your customers is payment at the hotel, the regulation does not apply to you because there is no online transaction. At the time of payment, the customer is present at the hotel and the dataphone - or physical POS - already asks for a PIN.

The problem will arise if you want to charge a 'no show' or cancellation penalty. In this case you will need to charge the customer's card without them being present and therefore PSD2 regulations would apply.

You will need a payment platform to comply with PSD2 and be able to launch the collection of these penalties. The payment platform will be in charge of protecting and tokenizing your customer's card data, which is a must according to PSD2. Any other way of making these charges will be placing you outside the regulations.

Non-refundable reservations and pre-payments before the customer arrives at the hotel: If you use non-refundable rates or partial pre-payments and you want to charge the customer's card before the customer arrives at the hotel, we would be talking about online transactions (for the total or for a fraction of the reservation), and PSD2 regulations do apply.

Your hotel must manage this type of payment through a virtual POS or payment platform. To complete the payment, the platform will require from your customer at least a double security authentication. This regulation applies to any online payment, including OTAs.

What is tokenization?

Tokenization is used to secure credit cards. When registered on a payment platform, the customer's credit or debit card number is replaced by a series of randomly generated numbers (a token).

These tokens can pass through the Internet or networks necessary to process the payment without the actual card details being exposed. In this way, the card digits are kept secure within a security "vault" that prevents the card data from being used for fraudulent purposes. This process is carried out by the companies that provide the virtual POS and the payment platforms themselves.

How does PSD2 affect my telephone or email sales?

Telephone and email sales (MOTO or Mail Order and Telephone Order) are exempt from PSD2 regulations. Charges can continue to be made as before, using only the card number and without double authentication. To do so, the POS must be configured to make MOTO transactions and must be authorized by the acquiring bank (your hotel's bank).

Call centers will be able to sell without the regulation applying to them. That said, it is common and recommended practice to avoid capturing the card over the phone. An email is usually sent to the customer with a link to a secure platform where the purchase will be finalized, following the PCI DSS (Payment Card Industry Data Security Standard).

Does PSD2 affect payments to and from the UK?

The final outcome of the Brexit negotiations will decide whether the UK is governed by PSD2.

How can Roiback help you simplify your payment management?

In Roiback we have developed a payment management platform connected to the main POS and payment platforms, to help the hotel to apply charging rules linked to the rates automatically.

For example, semi-flexible rates where the client is charged X days prior to arrival for a portion or the total; or semi-flexible rates where the client is charged in several payments from the time of booking until arrival. It can also be decided to charge a percentage X days after booking as a deposit.

Any charging rule you link to a rate will be executed automatically. This gives you a very high degree of flexibility to define attractive payment methods for the customer, without additional work for the hotel.

In addition, Roiback's booking engine is integrated with the main payment processors in the market.

Remember

  • The PSD2 regulation will become mandatory on January 1, 2021.
  • From that date on, in order to make online payments to your customers, you will have to hire a Virtual POS or the services of a payment processing platform.
  • In addition to managing online collections from your customers, a payment platform will allow you to collect no-shows and penalties for late cancellations.
  • Roiback, in addition to being integrated with the main payment gateways on the market, also offers Epayments Manager, a payment management platform that helps you automate your prepayments, installment payments or payments at the hotel, in strict compliance with PSD2 regulations.

Read more

news

Seasonal Flavors: A Christmas menu that combines tradition, innovation and sustainability

By

Roiback

READ

news

How GOOGLE's DMA changes impact your direct channel and what you can do to adapt to them

By

Felipe Bravo, Head of Roiback Digital

READ

news

Hotel direct channel trends in Latin America by 2024

By

Roiback

READ

Shall we work together?

CONTACT