Spread the love
Post Views: 3

Thursday 31st of December heralds the end of an unimaginable year – and the beginning of a new one. But it also signifies a new era for online payments, as Strong Customer Authentication (SCA) becomes mandatory across Europe. For any Australian and New Zealand travel companies processing payments by card in Europe, they will need to get SCA ready to ensure payments remain compliant.   

What is SCA?  

For Australian-issued cards, almost 85% of all card fraud is considered card-not-present (CNP) fraud, which involves the unauthorized use of credit or debit data to purchase products and services online. The growing trend of CNP payment fraud is not unique to Australia – according to Europol, in 2013 it accounted for 66% of the 1.44 billion transactions in 35 countries of the Single Euro Payments Area.  

In a bid to reduce online card fraud, the European Union rolled out its revised Payment Services Directive, also known as PSD2. This includes the enforcement of SCA, a set of regulatory standards that mandates multi-factor authentication (MFA) be performed in order to be approved. These factors are categorized in three ways: something you know (password or PIN); something you own (smartphone or token); and something you are (fingerprint, face ID or voice identification).    

How does SCA relate to Australia’s Consumer Data Protection?    

Countries have followed in the footsteps of PSD2 in Europe, with Australia releasing the CNP Fraud Mitigation Framework enforced through AusPayNet that came into effect on 1st July 2019. While Europe’s PSD2 mandates SCA for all online transactions, Australia’s framework only requires SCA for merchants and issuers that are consistently in breach of particular thresholds on a quarterly basis.  

What does SCA mean for Australia’s travel industry?    

If a travel business in Australia conducts a fair number of sales with European-based customers and does not comply with SCA regulations, then payment transactions could be affected. By having SCA protocols in place sooner rather than later, Australian travel businesses can avoid costly business headaches such as downtime due to a last-minute technical issue or worse, risk losing sales.   

How can Australian travel companies get SCA ready?   

There are a number of practical steps that Australian travel businesses can take to get SCA ready:  

1.      Map out specific payment flows: 

Whether you’re a travel agent or travel supplier, understand all the other travel industry parties which touch your online sales such as GDSs, aggregators, property management systems. The best starting point for SCA in travel is to understand and map different payment flows, including payments and technical intermediaries that are required to upgrade systems to make SCA happen.  

2.      Understand different use cases:  

Map out all the different ways in which you handle payments and what you need to do to enable compliant payments. Travel suppliers and agents should clearly agree on who is responsible for authentication and authorization processes for different use-cases and then update contractual terms and conditions to confirm these understandings where necessary.   

3.      Pay attention to merchant-initiated transactions (MITs): 

These transactions are critical in travel, allowing the travellers’ card to be charged for cancellations, hotel minibar purchases or pay by installment plans when the traveller isn’t present. SCA requires travel suppliers and travel agents to present clear terms and conditions for MITs at the time of booking as well as ensuring proof of SCA so MITs can be initiated later in the travel experience.  

4.      Upgrade to 3DS 2:  

For eCommerce payments, it’s also recommended that travel companies move their direct channels to the latest industry authentication protocol, 3DS 2. This is particularly important for travel agents and suppliers involved in ‘multi-merchant’ bookings like package holidays, where 3DS 2 uses ‘dynamic linking’ to significantly improve authentication when multiple suppliers are involved in a booking.  

5.      Collaborate to benefit from exceptions:  

There are a number of exemptions that promise to ease the impact of SCA in travel, for example, the ‘Secure Corporate Payment’ or ‘Whitelisting’ exemptions. Travel companies will need to collaborate with payments, technology and distribution partners to maximize the application of such exemptions.  

As markets work toward similar payments protection protocols, Australian travel companies should consistently evaluate their payments strategies, adopt streamlined payment systems, and ensure they can meet each country’s regulatory for continued business growth and consumer protection.    

To learn more about SCA, read Amadeus’ Strong Customer Authentication in Travel Payments Report.   

Justin Montgomery is General Manager Australia at Amadeus IT Pacific