Credit card regulations in the EEA are changing
Handling credit card transactions is an essential part of your business. How you do so in the EEA will be a little different beginning in September 2019. It’s important that you understand what’s changing in order to assess any potential impact to your business.
Starting in September, new regulations go into effect across all EEA countries related to authentication of consumer credit card transactions.
This new regulation is designed to make electronic payments more secure and reduce credit card fraud for consumers.
The regulation, called the revised Payment Services Directive (PSD2), updates and complements existing EU rules around secure payments. It will now be necessary to use Strong Customer Authentication (SCA) to validate credit card transactions. This means that to prove their identity users will have to provide at least two separate elements out of these three:
- something they know (a password or PIN code);
- something they own (the physical credit card, a mobile phone); and
- something they are (biometrics, e.g. fingerprint or iris scan).
This is known as two-factor authentication or 2FA.
Because this regulation affects consumers across all EEA countries, many banks and companies are already beginning to communicate with consumers about the changes.
For Expedia Group lodging partners in the EEA, this change will have the most impact when you are charging guest cards without having the guest physically present – for pre-stay deposits, or for cancellation or no-show penalties, for example.
Expedia Group can help you navigate the change
Expedia Group takes the security of both traveler and partner data very seriously, and we are putting in place solutions that will support you if you collect the deposits and fees as a necessary part of managing your business.
We will be reaching out to our partners directly in the coming weeks to provide more details about these solutions and how you can take advantage of them.
For more technical information on this new regulation, the EU has provided detailed information.
Countries in the European Economic Area (EEA)
Wondering if a customer needs to complete 2FA? Here’s a list of countries in the EEA:
- Czech Republic
- Republic of Cyprus
- United Kingdom