What is PSD2?
PSD2 stands for the Second Payment Services Directive. It is a European Union directive that aims to regulate payment services and payment service providers throughout the EU and European Economic Area (EEA).
PSD2, which came into effect in September 2019, builds upon the original Payment Services Directive (PSD) to enhance consumer protection, foster competition and innovation, and improve the security of payment services across the EU and EEA.
This regulation mandates that any single online transaction over 30 EUR within the EU must use secure and dependable two-factor authentication. This requirement applies even if one party (payer or payee) is located outside the EU at the time of the transaction.
Two-Factor Authentication
Two-factor authentication (2FA) under PSD2, also known as Strong Customer Authentication (SCA), is a security process that requires the use of two or more authentication factors to enhance the protection of electronic payments and reduce fraud. The different types of authentication factors are:
- Knowledge: Something the user knows (e.g., password, PIN).
- Possession: Something the user has (e.g., smartphone, token).
- Inherence: Something the user is (e.g., biometric data like fingerprint, facial recognition).
PSD2 Impact on short-term accommodation providers
PSD2 influences how credit card data is handled: the terms of use must clearly disclose how the card data may be used, such as for late cancellations, payment guarantees for hotel stays, covering additional expenses like minibar use, and more. Guests must accept these terms upon booking. For advance payments exceeding 30 EUR made via the website's booking engine, two-factor authentication is mandatory to comply with PSD2 regulations.
However, it's essential to note that PSD2 requirements apply exclusively to online payments. Transactions involving credit cards received from travel agents, online travel agents (OTAs), or directly from guests via phone or email do not require two-factor authentication.
PSD2 Compliance
If you utilize a third-party booking solution, we recommend contacting the provider directly to confirm their compliance with PSD2 regulations. This ensures that your payment processes remain compliant with current legal standards for secure and regulated transactions.