Comply with regulation while maintaining a frictionless payment experience

The roll-out of PSD2—and its Strong Customer Authentication (SCA) requirements—has had a big impact on how businesses manage their payments. Since 2020 we’ve been providing solutions that help Accor comply with the regulation, while also helping them maintain the smooth, frictionless payment experience their customers love.

The challenge: How to handle PSD2 SCA?

Since January 2021 the Strong Customer Authentication (SCA) requirement of PSD2 for remote transactions has been gradually enforced across Europe. This means that customers are being asked to authenticate more frequently during the payment process, using information such as a fingerprint, PIN or password. 

It’s a positive step for security. But if not implemented well, SCA can result in an increase in checkout time for customers and a poor payment experience (customers needing to pull out their mobile phone to retrieve their one-time password, for example). 

As Europe’s largest hospitality company, Accor processes thousands of payments every day. It was imperative Accor handled the PSD2 SCA requirements well, while maintaining smooth reservation and checkout experiences. This also meant finding one solution that covered all their acquiring bank relationships. 

The dream is frictionless payments: to have the most seamless payment journey for our customers. We are also doing more and more work on our loyalty program. If we can give customers the best payments experience with SCA, it will help us minimize churn and maximize topline growth.

Arnaud Thulliez, Product Director, Accor

What we did

Cybersource has been working with Accor since 2016. One of the reasons Accor chose us to help with its PSD2 compliance efforts in 2020 was the modular nature of our products: we were able to quickly integrate new products into the solution already up and running. The Cybersource solution is also acquirer agnostic, meaning it was a one-stop answer to meet Accor’s wider acquiring needs.

3-D Secure protocol, with Payer Authentication

The first step to help Accor in meeting its PSD2 requirements was to integrate Cybersource plus Payer Authentication. This product provides the benefits of EMV® 3DS—the 3-D Secure protocol allowing to manage SCA. It enables smooth payment authentication on all the devices consumers shop from today, such as mobile phones and tablets. It also provides smarter and broader authentication options, including one-time passwords (OTPs), biometric identification and out-of-band authentication.

Exemptions, with Decision Manager plus Payer Authentication (DMPA)

SCA doesn’t apply to all transactions: some are out of scope (like regular subscriptions), others are exempt (like transactions under €30). To minimize friction even further, we’re now working with Accor to implement Cybersource Decision Manager plus Payer Authentication, which enables Accor to flag these transactions, and request exemptions. 

The key is that Decision Manager plus Payer Authentication screens transactions before Accor submits them for authorization. This allows Accor to build business rules to identify transactions that are out of scope, request exemptions and handle SCA declines by automatically retrying with authentication. This extra capability helps deliver an even more seamless customer experience, as well as protecting the merchant against potential lost sales.

The Cybersource solution is agnostic to acquirers, which is ideal, as we didn’t want to implement one solution for each of the banks that we work with. It’s working well. We’ve also had a partnership with Cybersource and Visa for many years. That was important.

Arnaud Thulliez, Product Director, Accor

The difference our work made

We are very happy with the work. What is really great is that, as well as the solution itself, we also get from Cybersource the support we need on all the different aspects of PSD2 application, payments and processes.

- Elisa Schiess, Product Manager, Accor

Supported compliance with the PSD2 SCA regulation

Accor Hotels are able to comply with the PSD2 SCA regulation with the help of our solutions and support from the Cybersource Managed Risk Services team.

A customer-friendly checkout experience

With a seamless authentication process and developing exemption strategy, Accor Hotels have also seen minimal negative impact on conversion rates post PSD2 enforcement.

EMV® is a registered trademark in the U.S. and other countries and an unregistered trademark elsewhere. The EMV trademark is owned by EMVCo, LLC.

Find out more about Cybersource and what we can do for you.