Remember the ban on credit card fees (PSD2) that came into force early last year? Well, the second phase of this directive will be rolled out across the EU in September this year. Also known as the Strong Customer Authentication, this second phase of PSD2 will be another measure to create a Digital Single Market in Europe, preparing the EU’s single market for the digital age.
The new measure is meant to reduce fraud and make online payments more secure. It also means that when you accept payments online, you will need to add more authentication steps when your customers make payments on your website. The authentication must include at least two of these options:
- something only the user knows, such as a password or PIN
- something only the user possesses, like a hardware token or mobile
- something the user is, like a fingerprint or face recognition
Starting 14 September 2019, payments that aren’t following these criteria will be declined by the banks. These authentication requirements will apply if someone whose bank is located in the EEA makes a payment to a business that is also located in the EEA. There are a few exceptions such as low risk transactions, transactions below €30, fixed amount subscriptions, trusted beneficiaries, phone sales, corporate payments, in person transactions and direct debits.
So, what do you need to do?
First of all, don’t panic. If you’re using a travel booking and back office system that’s integrated with payment gateways, it’s likely you don’t need to do anything as the software provider will be making the necessary changes to comply with SCA. So, it’s best to get in touch with your travel software provider and find out what they’re doing in order to support the requirements.
If you’re not already using a travel booking and back-office system, it might be worth considering adopting one.