PSD2: what is it, and what impact does it have on my hotel's direct sales?

Roiback

Key points

• PSD2 regulation will be mandatory on January 1, 2021.

• From that date, to make online charges to your customers you must contract a Virtual POS or the services of a payment processing platform.

• In addition to managing online payments from your customers, a payment platform will allow you to charge no-shows and penalties for out-of-time cancellations.

• Roiback, in addition to being integrated with the main payment gateways in the market, also offers you Epayments Manager, a payment management platform that helps you automate your prepayments, split payments or payments at the hotel, in strict compliance with PSD2 regulations.

Let's start!

The Payment Service Directive (PSD2) will be mandatory from January 1, 2021. Although the regulation has been in force since September 2019, the European Commission offered a moratorium to allow companies to adapt.

In this article we explain how PSD2 will affect your hotel and what you need to comply with the regulations.

What is PSD2?

PSD2 regulates payments (card payments, transfers or direct debits) made in Europe with the aim of promoting their transparency and security.

To increase security, at the time of payment PSD2 will require the application of at least two of these three authentication factors:

Who does PSD2 apply to?

The PSD2 regulations apply to online payments, and compliance is only mandatory when the card issuing bank (your customer's bank) and the payment acquiring bank (your bank) belong to the European Union.

What should I do to comply with PSD2?

In the event that your hotel makes any type of online charges and transactions, you must contract and use a Virtual POS or a payment platform capable of authenticating the user according to the indicated authentication factors. In addition to complying with the regulations, using a payment platform or virtual POS will allow you to automate online payment processes, and you will generate trust from your customers, who are already accustomed to these payment processes in their online purchases.

What is the difference between a POS and a payment platform?

A Virtual POS or Point of Sale Terminal online is an online payment tool that allows digital businesses to make sales with immediate collection through the Internet. A payment platform also offers other services such as management and fraud control tools, support systems for reconciliation, connection with other online or offline payment methods and other services.

The most important payment processor in Spain is Redsys, which provides a virtual POS solution integrated with the main banks. In the case of payment platforms, there are many on the market with more or less services: Ingénico, Addon Payments (CaixaBank), PayU, Paycomet (Banco Sabadell), among others.

To activate a virtual POS, you must speak with your bank, who will advise you and help you implement it. A discussion with your engine partner beforehand can help you better understand the solution best suited to your business, based on the complexity of your operation and your technological map.

How does PSD2 impact the payment management of your hotel?

Reservations with customer payment at the hotel: If the only payment method you give your customers is payment at the hotel, the regulations do not apply to you because there is no online transaction. At the time of payment, the customer is present at the hotel and the dataphone – or physical POS - already asks us for a PIN.

The problem will appear if you want to charge a 'no show' or cancellation penalty. In this case, you will need to charge the customer's card without them being present and therefore, the PSD2 regulations would apply.

You will need a payment platform to comply with PSD2 and be able to launch the collection of these penalties. The payment platform will be responsible for protecting and tokenizing your customer's card data, which is essential according to PSD2. Any other way of making these charges will place you outside the regulations.

Non-refundable reservations and prepayments before the customer arrives at the hotel: If you use non-refundable rates or partial prepayments and want to charge the customer's card before they arrive at the hotel, we would be talking about online transactions (for the total or a fraction of the reservation), and the PSD2 regulations do apply.

Your hotel must manage this type of payment through a virtual POS or payment platform. To complete the payment, the platform will require your client to have at least double security authentication. This regulation applies to any online payment, including OTAs.

What is tokenization?

Tokenization is used to provide security to credit cards. When registered on a payment platform, the customer's credit or debit card number is replaced by a series of randomly generated numbers (a token).

These tokens can pass through the Internet or the networks necessary to process the payment without the actual card details being exposed. In this way, the card digits are kept safe inside a security "vault" that prevents the card data from being used for fraudulent purposes. This process is carried out by the companies that provide the virtual POS and the payment platforms themselves.

How does PSD2 affect my telephone or email sales?

Telephone and email sales (MOTO or Mail Order and Telephone Order) are exempt from PSD2 regulations. Charges can continue to be made as before, using only the card number and without double authentication. To do this, the POS must be configured to make MOTO-type transactions and must be authorized by the acquiring bank (your hotel's bank).

Call centers will be able to sell without the regulations applying to them. That being said, it is common and recommended practice to avoid capturing the card over the phone. It is common to send an email to the customer with a link to a secure platform where they will finalize the purchase, following the PCI DSS (Payment Card Industry Data Security Standard) regulations.

Does PSD2 affect payments from and to the United Kingdom?

The final outcome of the Brexit negotiations will decide whether the United Kingdom is governed by PSD2 regulations.

How can Roiback help you simplify your payment management?

At Roiback we have developed a payment management platform connected to the main POS and payment platforms, to help the hotel apply collection rules linked to the rates automatically.

For example, semi-flexible rates in which the customer is charged a part or the total amount X days before arrival; or semi-flexible rates in which the customer is charged in several payments from the moment of booking until arrival. You can also decide to charge a percentage X days after making the reservation as a deposit.

Any collection rule that you link to a rate will be executed automatically. This offers you a very high degree of flexibility to define attractive payment methods for the customer, without it entailing additional work for the hotel.

In addition, the Roiback booking engine is integrated with the main payment processors in the market.

Remember

The PSD2 regulation will be mandatory on January 1, 2021.
From that date, to make online charges to your customers you must contract a Virtual POS or the services of a payment processing platform.
In addition to managing online charges from your customers, a payment platform will allow you to charge no-shows and penalties for out-of-time cancellations.
Roiback, in addition to being integrated with the main payment gateways in the market, also offers you Epayments Manager, a payment management platform that helps you automate your prepayments, split payments or payments at the hotel, in strict compliance with PSD2 regulations.