Credit card pre-authorizations are essential to a hotel’s revenue management strategy.

NB: This is an article from Revenue Team by Franco Grasso, one of our Expert Partners

This is especially true in high season when you’re counting on maximizing your revenue. Last-minute cancellations and no-shows can leave you with a hole in your revenue projections if you don’t use them or if you leave them in the hands of the OTAs.

Subscribe to our weekly newsletter and stay up to date

So why do so many hotels neglect to control pre-authorizations when the tools exist to make it convenient, efficient, and secure?

What is a Pre-Authorization?

For clarity’s sake, let’s address what we mean by a credit card pre-authorization. A pre-authorization is a temporary hold of a specific monetary amount made on a guest’s credit card when they reserve a room. The amount varies from hotel to hotel. Some hoteliers pre-authorize one night’s stay, while others pre-authorize the entire stay.

Sometimes guests misunderstand the pre-authorization and think it’s a charge. However, it’s not a charge; it’s a temporary hold that validates the credit card and reduces fraud. For example, if the potential guest doesn’t have enough credit on the card, they won’t be able to reserve the room with that card. Likewise, the hold will alert the bank and cardholder if it turns out to be a stolen credit card number.

In both cases, the guests and the hotel are protected. The hotel gets a guarantee during busy times, and the guest has more flexibility than a non-refundable rate as they can cancel until the cancellation window allows for it.

Common Reasons Why Hoteliers Don’t Pre-Authorize

Many hoteliers don’t use pre-authorizations usually for one of the following reasons:

  • Lack of time
  • Lack of will
  • Lack of authorizations (by the ownership)
  • Lack of permissions (by the banks)
  • Lack of means (POS)

Those are all expensive reasons. Some hoteliers opt to let the OTAs handle the pre-authorizations because that may seem easier. However, that’s also a costly proposition because the OTAs sometimes undercut their rates to encourage a booking. Your revenue management is not their concern.

Below, you’ll see a few screenshots that demonstrate the potential lost revenue when leaving pre-authorizations up to OTAs.

However, when you take on pre-authorizations internally, you probably have questions.
For example, you might ask:

  1. When should pre-authorization occur?
  2. How long before and for what amount?
  3. When and how should it be canceled/released?

Pre-Authorization Is Key in Revenue Management

Revenue management is a toolkit that increases a hotel’s profits. One of those tools is adjusting your rates due to market demand.

This means pre-authorization may not make sense in low season. When you rely on last-minute room sales, one way to increase your hotel’s online visibility is to NOT require pre-authorization because when potential guests browse OTAs using the “book without a credit card” filter, they’ll be more likely to see your property.

But in high season, hotel-controlled pre-authorizations make sense because they prevent income loss from last-minute cancellations or no-shows. This approach drives higher profit percentages when you review your numbers.

  1. How early should you pre-authorize?

If you’ve never taken pre-authorizations before, you might wonder when you should place the hold. Many hoteliers opt for 10-15 days before the guest’s arrival. That’s enough time to freeze an amount for no-shows, late cancellations, early departures, or property damage.

A 10-15 day timeframe is also ample time to discover the card’s validity. If you find it’s not valid, you can report and cancel the reservation while still having time to resell the room at the correct rate. That way, you maintain your revenue projections without losing money to discounted rates.

  • What amount should you pre-authorize?

Some revenue managers have a cancellation fee of one night and others charge for the entire stay. You can use your property’s cancellation policy as a guide. Additionally, your location may make a difference as in some countries hoteliers pre-authorize higher amounts than the stay to protect against damage or theft.

  • When should you release the hold?

Banks and credit card providers often automatically release pre-authorizations after 15 or 20 days. Hotel staff can release it manually if guests prefer to pay by another method. If the guest prefers to use the credit card on file, then you can do that too and turn the pre-authorization into payment.

However, as you’ll see below, you’ll want to control the pre-authorizations in-house.

How OTAs behave

OTAs clearly define the parameters of pre-authorization towards customers at all booking stages, putting hoteliers in a position to feel more protected against customers in bad faith and, at the same time, have a clear conscience even in the face of upset customers. Hoteliers themselves can reduce possible complaints by clearly communicating this practice in their post-booking and pre-stay messages.

On some OTAs, such as, hoteliers can set the pre-authorization parameters directly on the extranet (Property->Policies for and Payments->Manage Payment Settings for Expedia). This appears on the public page front end.

How to make pre-authorizations and regulations on electronic payments

There are two ways of making pre-authorizations:

  1. The traditional (analog) version happens via the so-called POS (point of sale.) You manually type in the credit card information and the pre-authorization amount. The guest does not need to be present.
  2. The modern method is digital. Online payment gateways connect to the relevant bank, automating the pre-authorization with a click. There’s no requirement for manual entry. 

Not only is the digital method more convenient and practical in today’s world, but it’s also more secure. As a result, digital pre-authorization is mandatory in certain areas. In Europe, the psd2 (Payment Service Directive 2) keeps credit card details safe. It requires Strong Customer Authentication (SCA) in the context of online payments. If the customer is not physically present, SCA verifies guests’ identities via one of three authentication methods.

  • Password or PIN
  • Mobile device (such as a phone)
  • Biometric data (fingerprint)

Pre-authorization isn’t an actual payment, though it can become one if needed. It also protects your property from loss associated with property damage, no-shows, or last-minute cancellations.

When OTAs manage online payments, hotels lose out

Hoteliers who leave pre-authorization up to the OTAs often lose money. Some do this because they feel more protected from potential fraud or want to place the blame elsewhere when facing an unhappy guest.

Allowing the OTAs to handle a hotel’s pre-authorizations might seem convenient as it saves time. However, with this capability, OTAs can undercut your rates any time they want, as you can see below.

First, you can see how and Expedia set up pre-authorizations: (Property->Policies in the extranet) and Expedia (Property details->Fees, policies and settings->Payment methods in the extranet.) This is how you set it up.

pre-authorization preferences on
pre-authorization on expedia

Letting the OTAs handle it does save time and avoids credit card fraud. Yet, it can create a revenue problem. In fact, you must allow guests to pre-pay online as a prerequisite, as per the screenshot below.

For example, if a guest pre-pays online via the OTA, as seen in this screenshot, and then sees a cheaper rate, what then?

OTAs take online payments, and they’ll cut their own commissions sometimes to make the sale at the expense of the property. They can accept payment from customers, then apply a lower price and send the hotel a virtual credit card with the full amount without the hotel sometimes even noticing.

Below are some screenshots that represent the problem.

Such undercutting can derail your entire revenue management plan. However, if you handle your online payments and pre-authorizations internally, then you remain in control.

Challenges with OTA pre-authorization

With software tools, you can track and match the OTA rates if they undercut your prices.

This is helpful if you want to prevent guests from booking on an OTA at a lower rate. However, if you match the OTA lower rate, then you reduce your Average Daily Rate (ADR), which may not keep with your revenue management goals.

After all, the OTA has hundreds of properties on its platform. They can afford to discount their rates as a loss leader, while that business model rarely works for a small hotel.

Sometimes the OTA will discount as much as 40%. This is especially true in the last-minute phase. While their algorithms may decide it’s worth cutting their commission that much, if you’re expecting the typical 15-20% commissions, then you can see how this can be a problem.

Why would the OTAs take such a steep discount? In some cases, OTAs would rather earn the trust of customers even if it means a financial loss.

However, for the hotel, it rarely makes sense. However, you can paradoxically guard against such discounts by allowing the customer to book on the OTA. That way, the net margins are higher (from the OTA reservation.) The net margins are higher because the OTAs load the full amounts on virtual card numbers.

For example, imagine you offered a room rate of $100 on all available channels. You’ve based this rate on demand. Your hotel accepts online payments from and shows a price of $90 to your guest. The reduced price cuts into the OTAs commissions but they’ll take it as a loss leader to bring in a new customer.

The OTA sends a virtual card with the full amount of $100. At first glance this doesn’t affect the property’s net margins. Yet, when the guest calls the hotel and says they saw the room for $90 on, the hotel lowers its rate to match.

Now if the OTA undercuts the rate by much more – as much as 40% – it’s better for the hotel not to match that rate. They can let the guest book through the OTA. Here’s why. If the hotel matches the rate they’ll achieve a net margin of 60 (100-40%.) If the guest books via the OTA, the hotel will receive the total amount on the virtual card. Then, they’ll pay the commission out of that making for a net margin of 82 (100-18%.)

The OTAs also don’t guarantee they’ll collect penalties. Then, as the hotelier, you don’t know when or how much they’ll pre-authorize and you’re also expected to pay the cost of fees for those virtual card transactions. That can reach as much as 3%.

card validation and pre-authorization preferences on

As a hotelier, if you maintain control of guest credit cards and their pre-authorizations and penalties, then you won’t lose profit by relying on OTAs to manage the payment process. When hoteliers make these changes, most see little if no difference in booking volumes but instead enjoy more direct bookings and greater rate transparency.
pre-authorization preferences on

A cloud-based property management system (PMS) makes it easy. A PMS automates the entire pre-authorization and payment process handling both OTA customers and those who book direct via the site or phone/email, the so-called MOTO reservations (Mail Order / Telephone Order.).

How to avoid chargebacks and fraud risks

You’d be right to consider the safety of credit card data. In the past, front desk staff might take phone reservations by jotting down credit card details on a piece of paper. Or, take them via email with copies of the document and the front/back of the card attached, which is at risk of hacking.

Neither method is secure. However, modern property management systems (PMS) can help. They offer the option of using a link to request payment authorization. Then, the PMS sends the link to the customer by phone (Whatsapp, for example) or email.

Once the customer opens the link, they authorize the credit card as a guarantee (through two-factor authentication) and consent to the pre-authorization process before check-in. If they don’t allow it, the hotel can mark the card invalid and cancel the reservation. Or, if it’s a low demand time, the hotel can opt to ignore it and see if the person shows up.

With the new PSD2/SCA regulation, there is a secure process that relies on a double verification requiring the guest to enter a private code that proves they own the card. Not only is this fraud protection, but it also protects the hotel from chargebacks if the guest doesn’t arrive and you charge a no-show penalty. It also reduces the risks of hacks and sloppy data handling.

Digitizing pre-authorizations reduces the risk of fraud and chargebacks. A modern PMS offers further fraud protection in that it allows you to “tokenize” credit card data. By converting the credit card data into a specific identification number, that number is only good for the reservation and any potential penalties, so it can’t be used elsewhere.

Once the card (or the token) is in the system, you can pre-authorize it, release it, or turn it into payment with a click of a button.

When you handle pre-authorizations through links vs. the OTAs, then you retain control of your revenue.


At this time PSD2 is specific to European hotels though credit card security is essential everywhere. The combination of a PMS and a booking engine that works with payment gateways, reduces fraud potential and allows the hotel to maintain control over their revenue management.

Based on the experience of the Revenue Team by Franco Grasso working with over 2000 customers worldwide, hotels with internal control of their pre-authorization maintained cash flow and enjoy 5-10% higher total revenue per available room (Trevpar) than hotels that do not pre-authorize cards.

Pre-authorizations are an indispensable way for hotels to project and preserve cash flow as they protect hotels from losses like late cancellations, chargebacks, no shows, and property damage. Plus, automation makes it easy, efficient, and secure to handle payments. There’s no need to delegate financial transactions to OTAs and risk them undercutting your rates.

Read more articles from Revenue Team by Franco Grasso