On 31 December 2020, the PSD2 regulation finally enters into force, after a first attempt in September 2019 was postponed due to the lack of adoption by most banks and the industry in general.
NB: This is an article from Mirai
To summarise, PSD2:
- Regulates online transactions within the European area, meaning that both the customer's card and the bank (acquirer) are within EU territory. It does not apply in any other case.
- Requires double authentication (SCA or Strong Customer Authentication).
- Receipt of a PIN to a telephone is the most widespread method, but it is not the only one, as new authentication methods have appeared, such as Apple Face ID and fingerprints (evolutions brought by 3DS2).
Last year, we wrote an extensive post about PSD2 and its impact on direct sales in hotels, which we recommend you re-read for all the details. In the post, we discussed the scope of PSD2, the meaning of SCA, the differences between 3DS2 and 3DS1, as well as the various exceptions to the rule.
Where we’re heading: payment trends beyond PSD2 and PCI
PSD2 is really just the catalyst for a change in the way customers are charged, as well as the storage (or rather, moving away from the storage) of credit cards as guarantees. The direction we’re heading in is:
Do not save or use customer credit cards
○ You should stop storing credit cards in the PMS, especially without encryption. This is an unnecessary risk and provides fewer guarantees for you, as you will be defenceless against customer reversals and chargebacks.
○ If you still store cards in the PMS, you must use them securely, through integrations with payment platforms, without the card number ever being displayed.
○ Both of these points will help you to comply with PCI regulations, which the hotel sector will eventually have to implement, if you have not already done so.
Charge, validate and tokenize the card according to the type of rate
○ Non-refundable rates and payment at the time of booking will be processed securely with a reliable payment gateway, with no impact on conversion, while ensuring PSD2 compliance.
○ For flexible and pay at hotel rates, you may validate the card to ensure it is not fraudulent. You would not store the card but rather a token on which you could charge the penalty in the event of a no-show.
Alternative payment methods
○ In addition to allowing customers to pay by credit card, you should start offering alternative forms of payment closely linked to mobile devices. Some examples are PayPal, Apple Pay, Amazon Pay, Bizum or WeChat.
Payment management, a competitive advantage for OTAs
OTAs that charge the customer (merchant model) have a great competitive advantage over direct sales in terms of payment management. We are mainly talking about Expedia (a native of the merchant model) and, increasingly, Booking.com, which is moving decisively towards this model and away from its original agency model, where the client pays directly at the hotel.
Charging the customer gives OTAs the following advantages:
1: Lower costs: As they have scale, they support much lower costs than hotels can through their direct channels.
2: More payment methods accepted:
○ Types of cards: As global players, they accept all existing credit cards and not just the classic Visa and Mastercard that many hotels accept on their website. We’re not just talking about Amex, but also JCB, Diners or Discover.
○ Alternative payment methods: This same scale allows them to innovate with all alternative forms of payment in each market, even the most regional or country-specific (iDEAL in the Netherlands or WeChat in China).
3: Ability to produce disparities: Pre-charging the customer and then paying the hotel gives them the “power” to create disparities (as they do and will continue to do).
The PSD2 regulation will give OTAs the perfect excuse to push towards the merchant model that brings them so many advantages. Relieving hotels of the complexity of charging brings value, that’s for sure, but it hides two important traps:
1: More disparities, which are more difficult to control. The merchant model is intrinsically connected to generating disparities. It’s part of their DNA.
2: Higher costs for you. Beware of the costs, as virtual credit cards usually lead to an increase in commission of between 2% and 3% depending on the provider.
A good payment processor, your best ally
Given these three challenges (the entry into force of PSD2, the need to stop storing and processing credit cards, and the urgency to reduce the competitive advantage of OTAs), it is time to think about implementing a good payment processor or PSP (Payment Service Provider) and integrating it into your booking engine.
A payment processor that enables you to achieve all the goals we’ve set:
- Securely collect non-refundable rates (non-refundable rates will return to reasonable levels once the Covid-19 crisis is over).
- Validate cards for flexible rates and allow us to charge earlier in the event of no-shows or late cancellations.
- Comply with PSD2 and PCI regulations (as you move from storing and processing credit cards to using tokens).
- Offer alternative forms of payment so that customers can pay using the method most convenient to them.
At Mirai, in line with our philosophy, we have chosen to offer our clients more than ten different payment processors so that each client may choose the option that best suits them and their needs.
Features you should look for in your ideal payment processor
A payment processor is much more than a tool for charging for non-refundable bookings. There are many alternatives on the market and it is not easy to choose. We have provided you with a list for reference, so that you can compare the different proposals. Remember that you should not only look for the best option, but the one that best suits your hotel and integrates with your systems.
- Usability and impact on conversion. Getting a customer to book through your website is difficult. However, losing customers because of a bad payment experience is easy. Customers, and more so when they are paying, are looking for reliability, security and predictability (that everything is as expected). Try to ensure that:
○ Payment processing is integrated into the booking (iframe), without opening another page (redirect).
○ The look and feel is maintained, especially if it is on another page. By look and feel, we’re referring to your logo, styles and colours.
○ It allows you to charge customers in their currency. When paying for something, almost everyone prefers to see the amount in their own currency, especially if they’ve been browsing and choosing products in that currency. Many processors allow you to charge the customer in different currencies. Some do not. In cases where the customer has to pay in another currency, it is important that they are well informed before passing to the payment gateway to avoid confusion.
○ Language is also maintained at the time of payment. There are issuing markets with languages that are far from the classic English or French. For example, Swedish, Russian or Chinese. If, at the time of payment, you take customers to a platform that is only in English or Spanish, that will apply the brakes to conversion on your website.
Use of credit cards for non-refundable rates
○ What types of cards does it accept? Think about your markets and look for the cards that are common there. Amex in the USA or JCB in Japan are some examples.
○ Does it allow double validation or SCA (Strong Customer Authentication)? If so, how does it do it or what granularity does it allow?
– Does it allow you to activate it by card issuing market? For example, in France and Germany yes, but not in the UK and USA.
– Can you activate SCA for transactions above a certain amount? For example, can you request SCA for charges over €500 only?
– Does it have a “PSD2 mode” where you “require SCA on all transactions within the EU” but not for the rest? This is the most conservative decision. (Why require SCA in markets where it is not mandatory and double authentication is not so widespread?).
○ Is it adapted to 3DS2 for two-factor authentication or SCA? 3DS2 allows many more ways of double validation beyond the classic PIN to mobile. Apple Face ID, fingerprint or pop-up messages in a banking app are just some of the options provided by 3DS2, and which lead to much better conversion rates than the previous 3DS1.
Acceptance of alternative payment methods for non-refundable rates
○ What alternative payment methods does it offer you? There are many, such as PayPal, Amazon Pay, iDEAL, Sofort (now Klarna), Apple Pay, Bizum and WeChat. Ask for a list of those available and check them against your strongest markets, as many are exclusive to a particular market (WeChat in China or Sofort in German-speaking countries and the UK).
○ Does it accept payment with cryptocurrencies such as Bitcoin? It’s still a small market but it’s growing and including this form of payment could offer a competitive advantage.
Validation and tokenization of cards for flexible rates
○ Can you check that the card exists and isn’t fraudulent without charging it? This will avoid fake bookings and all the irritation and problems that come with them.
○ Does it allow double authentication (SCA) to be applied to these cards?
○ Does it tokenize the card in such a way that you no longer store card numbers but tokens? This avoids the risks involved and protects you from potential reversals or chargebacks.
○ Does it allow you to charge in the case of no-shows or late cancellations? This is called MIT or Merchant Initiated Transaction. Since you do not have the card number, you will need to initiate a charge on that token, if necessary.
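Moving from card numbers to tokens only pays off if no card number is left behind in the PMS, including in free-text fields. The following check is an added example, not part of the original article or of any processor's API: it audits reservation records for card-number-like values using the Luhn checksum. The field names, the `tok_` token format and the sample records are constructed assumptions.

```python
import re

# 13 to 19 digits, optionally separated by single spaces or hyphens.
PAN_CANDIDATE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: filters out booking, phone and loyalty numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def mask(digits: str) -> str:
    """Keep first six and last four digits so the report holds no full number."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def find_pans(text: str) -> list:
    hits = []
    for m in PAN_CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            hits.append(mask(digits))
    return hits


def audit_reservation(record: dict) -> dict:
    """Return {field: [masked numbers]} for every field holding card data."""
    findings = {f: find_pans(str(v)) for f, v in record.items()}
    return {f: hits for f, hits in findings.items() if hits}


def records_with_card_data(records: list) -> list:
    return [r["booking_id"] for r in records if audit_reservation(r)]


# Constructed sample records (hypothetical PMS export; the card is a public test number).
SAMPLE_RESERVATIONS = [
    {"booking_id": "R-1001", "guarantee": "tok_8f3a2c71d9", "notes": "late arrival"},
    {"booking_id": "R-1002", "guarantee": "4111 1111 1111 1111", "notes": "taken by phone"},
    {"booking_id": "R-1003", "guarantee": "tok_51b7e0aa42", "notes": "loyalty 1234567890123456"},
]

if __name__ == "__main__":
    print(records_with_card_data(SAMPLE_RESERVATIONS))
```

Only R-1002 is reported: R-1003 contains a 16-digit loyalty number, but it fails the Luhn check and is not treated as a card.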
Available operations on the control panel
○ Does it allow you to make refunds from the control panel? Partial refunds as well?
○ Does it allow you to initiate a transaction (a charge) on a token already authorized by the customer, that is, an MIT? If so, find out about the limits of this operation. (How long can you do it? Up to what amount?).
○ Does it allow you to schedule charges? If you have rates with partial charges on certain dates, having this option will be important. Not all processors allow it.
○ What statistics does the panel provide? Knowing the most common payment methods by country of origin or amount is useful for understanding your customer and being able to adapt your product to them.
Countries of operation and limitations
○ In which markets does it allow payment processing? Are there any limitations? Make sure you can charge customers in your primary markets.
○ In which countries can you deliver money (settlement)? Confirm that it works with your account, your bank, in your country and in your currency.
○ Is there a minimum annual transaction amount?
Integration with your PMS and other hotel operations
○ Does it allow you to manage payment collection operations from your PMS? It is the most natural place as most day-to-day work takes place in the PMS.
○ Does it at least provide information on the payment method or date of deposit (cash flow) in the PMS? Any information that automates your accounting processes and cash flow forecasting counts.
○ What are the costs of each operation: payment collection, validation and alternative payment methods? Are there fixed costs? As a suggestion, you will be asked to estimate the volume of each of these operations (you can calculate your non-refundable sales volume and flexible rates).
○ Remember that this is a cost that already exists in the way you currently charge at your hotel. Therefore, it is not a new cost but a cost that you “move” from the physical POS to the online one.
○ Also remember that the cost varies greatly depending on the transaction. International transactions are much more expensive than domestic ones.
○ It is also important to note that a payment processor may have an alliance or relationship with your current bank, which may lead to synergies such as cost reduction in other areas of your hotel not related to online sales. Take all these variables into account when making a decision.
○ What are their future plans? What improvements will they offer you in the coming months or years? Payments are evolving very quickly and choosing a dynamic and proactive player is key.
In the coming years, we’ll see a major evolution in payment methods from a market dominated by credit cards to a very diverse, complex and changing ecosystem with a multitude of diverse forms of payment closely linked to mobile devices.
Hotel payment collection and guarantee operations will have to adapt or they will lose competitiveness as OTAs incorporate all these improvements. PSD2 and PCI regulations are only the first signs of the changes to come and they should make us reflect and start working on these issues.
Nothing will change on 1 January 2021 (when PSD2 comes into force), but don’t relax too much as there will be many changes from 2021 onwards in terms of payment collections; ignoring it is not an option. In order to make the best decision, the first thing to do is to conduct adequate research, which will help you to compare the different alternatives. Once that’s done, making the decision and implementing it is the easy part.