This document will cover the changes to the Payment Services Directive (PSD2) for Trust Payments (formerly Secure Trading) customers only. Information for Worldpay and Windcave customers will be published shortly.
The changes introduce measures to improve the security and accessibility of digital payments. Specifically, the "policy" introduces additional customer authentication measures that require an enhanced version of 3D Secure (3DS2). This is to be implemented by all payment providers; all merchants are to be fully converted by September 2021.
What is 3DS2?
3DS2 will improve the security of online payments, whether direct, mobile, in-app or via digital wallets. Unlike 3DS1, customers will no longer have to remember passwords or navigate through cumbersome pop-up windows. Instead, 3DS2 relies on multi-factor authentication. This provides better fraud protection, ensures an easy payment experience, and significantly reduces shopping cart abandonment.
What is required of my hotel?
Nothing. All Guestline products currently support the minimum requirement for Strong Customer Authentication (SCA) with 3D Secure 1 (3DS1) technology.
In March, we will update your Guestline payment pages (powered by Trust Payments gateway) to include support for 3DS2. We will notify you of any changes as they become available. In the meantime, you should find the FAQs below helpful.
If you have any questions, please contact firstname.lastname@example.org
Have the dates changed?
The SCA requirements and third-party access framework went into effect in September 2019. In April 2020, the FCA announced a deferral of SCA until September 14, 2021 in the U.K. to help merchants avoid the impact of Covid-19. The deadline for the rest of the European Economic Area (EEA) is December 31, 2020.
Our hotel is located outside of the UK. How will we be affected?
No differently than customers in the UK. All Guestline products currently support the minimum requirements for Strong Customer Authentication (SCA) with 3D Secure 1 (3DS1) technology.
After March, we will update your Guestline payment pages (powered by Trust Payments gateway) to include support for 3DS2. We will notify you of any changes as they become available.
What Guestline products will be affected by 3DS2?
Any digital transaction conducted online, mobile, in-app or via digital wallets powered by a Guestline payment site:
1. Direct Booking Manager (DBM)
2. GuestPay, PayLink
What does this mean for my hotel in practice?
3DSv2 will have a big impact on the way merchants take customer payments. On the front end, however, you should see smoother transactions. As the deadline approaches, expect more rejections if any part of the authentication chain is not fully 3DSv2 compliant.
Will PSD2 continue to apply post-Brexit?
Yes. Regardless of Brexit, businesses that accept payments where the card issuer and acquirer are based in the European Economic Area (EEA) will need to apply Strong Customer Authentication (SCA) to online payments.
Any digital transaction conducted online, mobile, in-app or via digital wallets operated by a Guestline payment site:
1. Direct Booking Manager (DBM)
2. GuestPay, PayLink
Please note, card-not-present transactions (MOTO) are excluded from 3DS2.
We use payment sites powered by Trust Payments. What steps do I need to take?
Trust Payments' own payment sites support 3DS2 "out of the box". No action is required on the part of the merchant.
Payment Services Directive 2
EU legislation that replaces the original 2007 Payment Services Directive (PSD), which aims to standardize consumer protection, the rights and obligations of payment providers and users, and increase competition in the payments industry. PSD2 aims to make payments safer and further protect consumers while reducing friction in the European payments market.
PSD2 builds on previous legislation in the following three areas:
Increased customer rights, including in the areas of complaint handling, new rules on surcharges and currency conversion.
Increased security through strong customer authentication (SCA).
Allowing third-party access to account information to provide a framework for new payment and account services.
Strong Customer Authentication (SCA)
The principles of multi-factor authentication to be implemented as part of the overall PSD2 legislation. Specifically, authentication based on two or more of the following elements in relation to the payer:
Knowledge: something only the customer knows, such as a PIN or password.
Possession: something only the customer has, such as a cell phone or payment card.
Inherence: something only the customer is, such as their fingerprint.
3D Secure v2 (3DSv2)
EMVCo's SCA specification. EMVCo is the technical body that sets the standards for payment interoperability. 3DSv2 is intended to be less intrusive than the first version of the specification and allows more contextual data to be sent to the customer's bank to verify and assess the risk of the transaction. The customer will only need to pass an authentication check if their transaction is deemed high-risk. Redirects to a separate page will no longer be required.
The original fraud prevention measures introduced by Visa (as Verified by Visa) and adopted by Mastercard (as Mastercard SecureCode) and American Express (as American Express SafeKey).