The Payment Services Directive 2 (PSD2) is a European regulation that requires payment service providers to apply Strong Customer Authentication (SCA) to electronic payments, with a defined set of exemptions, in order to protect consumers. Mews uses an authentication solution called 3D Secure (3DS) to meet the SCA requirement. A separate article covers the SCA requirements in detail and lists the affected countries.
In this article, you can find answers to the following questions:
- What is 3DS?
- How does 3DS work?
- Which payments are subject to 3DS?
- When is a transaction considered a MOTO?
- Are preauthorizations subject to 3DS?
- Can I still charge a credit card after the guest has left?
- How can I collect money from guests that do not approve the payment?
What is 3DS?
3DS is an authentication protocol that adds an extra layer of security to card payments made online. Before the charge goes through, the cardholder proves to their bank that they are the legitimate cardholder, for example by entering a one-time code or password or by unlocking their banking app with a fingerprint.
How does 3DS work?
The flow works like this:
- A booking (or another chargeable event, such as a posted charge) triggers a payment.
- The card issuer decides whether the payment can be approved as is or whether the guest must authenticate it first.
- For payments waiting for authentication, the guest is sent an email with a link to verify the payment.
- The guest opens the link and completes the verification with their bank. Only then is the payment approved.
Payments can take longer to process depending on whether they are on session or off session.
- On-session payments are payments where the guest provides their card details and the card is charged at the same time, for example when a guest books a stay through the booking engine.
- Off-session payments are payments where the guest provides their card details for the property to charge later, for example when the system stores the card and charges it afterwards for minibar consumption.
The processing speed depends on how long the guest's bank takes to verify the payment. On-session payments are typically verified faster because the guest is still present and can complete the authentication immediately, whereas an off-session payment waits until the guest acts on the email.
Which payments are subject to 3DS?
Payments made with physical cards (virtual cards, such as those issued by OTAs, are not in scope) issued in the European Economic Area (EEA) or the United Kingdom are subject to 3DS. There are some notable exemptions:
- Low-value payments: transactions of up to 30 euro are considered "low value" and may be exempt from Strong Customer Authentication (SCA). The exemption has cumulative limits: once about five consecutive low-value transactions, or 100 euro in total, have accumulated on the card since its last authentication, the issuer asks for authentication again.
- Subsequent charges on an authenticated card: once a guest has authenticated a payment on a card at your property, later charges that the property initiates on the stored card (merchant-initiated transactions) do not need to be authenticated again.
- Mail Order and Telephone Orders (MOTO): Please see the question below for information on MOTO transactions.
As with all exemptions, the issuer makes the final decision about whether the payment requires authentication.
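The scoping and exemption rules above can be written down as a small decision model. The following is an added illustrative example, not Mews code: it decides, for a constructed payment, whether 3DS is out of scope, whether an exemption can be requested, or whether a challenge should be expected, and it tracks the low-value cumulative counters the way an issuer would. The class and field names, the channel labels ("ecommerce", "terminal", "moto") and the exact counting rule are assumptions; the 30 euro, five-transaction and 100 euro limits come from the PSD2 regulatory technical standards. In practice the merchant never sees the issuer's counters and the issuer's decision is final.

```python
from dataclasses import dataclass
from decimal import Decimal
from enum import Enum

# EU member states plus Iceland, Liechtenstein and Norway (EEA) and the United Kingdom.
EEA_UK = {
    "AT", "BE", "BG", "HR", "CY", "CZ", "DK", "EE", "FI", "FR", "DE", "GR",
    "HU", "IE", "IT", "LV", "LT", "LU", "MT", "NL", "PL", "PT", "RO", "SK",
    "SI", "ES", "SE", "IS", "LI", "NO", "GB",
}

# PSD2 RTS low-value thresholds. The counting rule below is a simplification
# (assumption): issuers keep the real counters and may count differently.
LOW_VALUE_LIMIT = Decimal("30")
LOW_VALUE_MAX_COUNT = 5
LOW_VALUE_MAX_SUM = Decimal("100")


class Decision(Enum):
    OUT_OF_SCOPE = "no SCA: out of scope"
    EXEMPTION = "exemption requested; issuer decides"
    AUTHENTICATE = "3DS challenge expected"


@dataclass
class Payment:
    amount_eur: Decimal
    issuer_country: str                # ISO 3166-1 alpha-2 country of the card issuer
    channel: str                       # "ecommerce", "terminal" (chip and PIN) or "moto"
    virtual_card: bool = False         # e.g. an OTA-issued virtual card
    merchant_initiated: bool = False   # charged later from a stored card (off session)
    card_authenticated: bool = False   # guest already completed 3DS on this card here

    def __post_init__(self) -> None:
        self.amount_eur = Decimal(self.amount_eur)   # accept "12.50" as well as Decimal


@dataclass
class IssuerCounter:
    """Per-card counters since the last successful SCA (issuer-side state, modelled locally)."""
    count_since_sca: int = 0
    sum_since_sca: Decimal = Decimal("0")


def classify(p: Payment, c: IssuerCounter) -> tuple[Decision, str]:
    """Return what the merchant side should expect for this payment, and why."""
    if p.channel == "terminal":
        return Decision.OUT_OF_SCOPE, "card-present chip and PIN already satisfies SCA"
    if p.issuer_country not in EEA_UK:
        return Decision.OUT_OF_SCOPE, "card issued outside the EEA/UK"
    if p.virtual_card:
        return Decision.OUT_OF_SCOPE, "virtual card"
    if p.channel == "moto":
        return Decision.EXEMPTION, "MOTO (third-party/OTA payment)"
    if p.merchant_initiated and p.card_authenticated:
        return Decision.OUT_OF_SCOPE, "merchant-initiated charge after the initial authentication"
    if (p.amount_eur <= LOW_VALUE_LIMIT
            and c.count_since_sca < LOW_VALUE_MAX_COUNT
            and c.sum_since_sca + p.amount_eur <= LOW_VALUE_MAX_SUM):
        return Decision.EXEMPTION, "low value"
    return Decision.AUTHENTICATE, "no exemption applies"


def record(c: IssuerCounter, p: Payment, authenticated: bool) -> None:
    """Update the counters the way an issuer would once the payment completes."""
    if authenticated:
        c.count_since_sca = 0
        c.sum_since_sca = Decimal("0")
    else:
        c.count_since_sca += 1
        c.sum_since_sca += p.amount_eur


def run_low_value_series(amount: str, n: int) -> list[Decision]:
    """Constructed scenario: n identical small e-commerce charges on one EEA card.

    Assumes the issuer grants every low-value exemption it is asked for, so the
    counters only reset when a challenge is actually required.
    """
    counter = IssuerCounter()
    outcomes = []
    for _ in range(n):
        p = Payment(amount, "DE", "ecommerce")
        decision, _reason = classify(p, counter)
        outcomes.append(decision)
        record(counter, p, authenticated=(decision is Decision.AUTHENTICATE))
    return outcomes


if __name__ == "__main__":
    for i, d in enumerate(run_low_value_series("10", 7), start=1):
        print(f"charge {i}: {d.value}")
```

Running the series of seven 10 euro charges shows the caveat that the list above only hints at: the first five are exempt, the sixth is challenged because the five-transaction limit is reached, and the counter then starts again. A series of 25 euro charges hits the 100 euro cumulative limit first instead.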
When is a transaction considered a MOTO?
Following updates to the SCA rules, Mews can process third-party payments, such as payments from OTAs, as MOTO (Mail Order/Telephone Order) payments. MOTO payments qualify for an exemption from 3D Secure verification, but the cardholder's bank makes the final decision.
The flow works like this:
- Guest makes a payment through an OTA.
- Mews' payment provider processes the payment and requests the exemption from the cardholder's issuing bank.
- If the bank declines the exemption, your guest must verify the payment, the same as before.
- If the bank accepts the exemption, the payment goes through without verification, as do subsequent payments with that card.
Are preauthorizations subject to 3DS?
Yes, preauthorizations are subject to 3DS payment flows just like other payments.
Can I still charge a credit card after the guest has left?
Yes, if the guest has already authorized a payment. Once a guest validates a card at your property, you don't need to validate later payments on that card.
How can I collect money from guests that do not approve the payment?
Wherever possible, take the first payment through your Mews Terminal to prevent this situation. Terminal payments are card-present and the guest enters a PIN, which already counts as strong customer authentication, so they are not subject to 3DS. Mews also has multi-charge authentication enabled: once a guest has validated their first payment at your property, later charges on that card do not need to be approved by the guest again, so make sure the first payment on each card is validated while the guest is still with you.
A separate article covers PCI compliance.