With the revised Payment Services Directive PSD2, which has been implemented in national law by the member states, the EU legislator is taking the increasing digitization of European payment transactions into account.
One of the key points of PSD2 is the obligation for so-called "Strong Customer Authentication" (SCA). This means that online and card payments now basically have to be confirmed by two independent characteristics from the categories of knowledge, possession and inherence. We therefore speak of so-called two-factor authentication (2FA).
For certain payment products in the corporate payment area, Regulation 2018/389 of the European Commission on SCA (RTS) provides for a catalog of exceptions to the requirement of two-factor authentication under certain conditions.
This comes with a change in the booking process for Atlatos customers, depending on the payment method used.
| Payment Method | Booking by the traveller himself | Booking by third parties (assistants, travel department etc.) |
| Privat credit card |
Strong Customer Authentication takes place on the basis of a second feature, e.g. entering the PIN sent by SMS SMS |
Booking difficult: second characteristic of the cardholder required when booking Recommendation: switch to a central payment process or, if possible, whitelist all providers used by the credit card provider |
| Personal company credit card | Strong Customer Authentication takes place on the basis of a second feature, e.g. entering the PIN sent by SMS SMS | Booking difficult: second characteristic of the cardholder required when booking Recommendation: switch to a central payment process or, if possible, whitelist all providers used by the credit card provider |
| Payment via lodged cards (e.g. AirPlus or Amex) | No change in the booking process | No change in the booking process |
| Payment via a one-time virtual credit card (e.g. AirPlus AIDA) | No change in the booking process | No change in the booking process |
If strong customer authentication is required, this does not imply a two-factor authentication for every booking, as this also depends on the provider of the travel service. As of 01/01/2021, strict customer authentication will be carried out for the following providers in the Atlatos Profi Traveller.
| Type | Provider | Implementation of Strong Customer Authentication | Implementation takes place on |
| Flight | GDS bookings (Amadeus) | There is a redirect to an Amadeus booking mask with the option of entering the authentication data. | 01/01/2021 (technical go live on 09/12/2020) |
| Farelogix bookings (direct connection Lufthansa Group) | The authentication data will be requested in the Atlatos Profi Traveler after the booking. | 01/01/2021 (technical go live on 23/12/2020) | |
| Eurowings bookings | The authentication data will be requested in the Atlatos Profi Traveller after the booking. | 01/01/2021 (technical go live on 09/12/2020) | |
| LowCost Carrier bookings | After the booking is completed, there is a redirect to an external validation check with the option of entering the authentication data. | 01/01/2021 (technical go live on 09/12/2020) | |
| Train | Deutsche Bahn (BIBE interface) | The authentication data is queried in the last booking step (SCA check). | 01/01/2021 |
| Hotel | HRS | Currently there is no strong customer authentication. Measures are planned by HRS for the first quarter (date not known). Afterwards the implementation in Atlatos takes place. | No implementation date known |
| ehotel | Currently there is no strong customer authentication. Measures are planned by ehotel for the first quarter (date not known). Afterwards the implementation in Atlatos takes place. | No implementation date known | |
| DERHotel | There is no Strong Customer Authentication, as these are only reservations and the customer pays on site or a central payment method is used. | ||
| CRC | There is no Strong Customer Authentication, as these are only reservations and the customer pays on site or a central payment method is used. | ||
| booking.com | Currently there is no strong customer authentication. Measures are planned by booking.com for the first quarter (date not known). Afterwards the implementation in Atlatos takes place. | No implementation date known | |
| Premier Inn | There is no Strong Customer Authentication, as these are only reservations and the customer pays on site or a central payment method is used. | ||
| Rental Car | Sixt | There is no Strong Customer Authentication, as these are only reservations and the customer pays on site or a central payment method is used. | |
| Europcar | There is no Strong Customer Authentication, as these are only reservations and the customer pays on site or a central payment method is used. | ||
| Avis | There is no Strong Customer Authentication, as these are only reservations and the customer pays on site or a central payment method is used. | ||
| Enterprise | There is no Strong Customer Authentication, as these are only reservations and the customer pays on site or a central payment method is used. | ||
| Hertz | Strong customer authentication takes place depending on the offer. | Implementation planned for mid-January | |
Further posts:
AirPlus: Strong Customer Authentication (SCA)
Comments
0 comments
Article is closed for comments.