Supported compliance with the PSD2 SCA regulation
Comply with regulation while maintaining a frictionless payment experience
The roll-out of PSD2—and its Strong Customer Authentication (SCA) requirements—has had a big impact on how businesses manage their payments. Since 2020 we’ve been providing solutions that help Accor comply with the regulation, while also helping them maintain the smooth, frictionless payment experience their customers love.
The challenge: How to handle PSD2 SCA?
Since January 2021 the Strong Customer Authentication (SCA) requirement of PSD2 for remote transactions has been gradually enforced across Europe. This means that customers are being asked to authenticate more frequently during the payment process, using information such as a fingerprint, PIN or password.
It’s a positive step for security. But if not implemented well, SCA can result in an increase in checkout time for customers and a poor payment experience (customers needing to pull out their mobile phone to retrieve their one-time password, for example).
As Europe’s largest hospitality company, Accor processes thousands of payments every day. It was imperative Accor handled the PSD2 SCA requirements well, while maintaining smooth reservation and checkout experiences. This also meant finding one solution that covered all their acquiring bank relationships.
What we did
Cybersource has been working with Accor since 2016. One of the reasons Accor chose us to help with its PSD2 compliance efforts in 2020 was the modular nature of our products: we were able to quickly integrate new products into the solution already up and running. The Cybersource solution is also acquirer agnostic, meaning it was a one-stop answer to meet Accor’s wider acquiring needs.
3-D Secure protocol, with Payer Authentication
The first step to help Accor in meeting its PSD2 requirements was to integrate Cybersource plus Payer Authentication. This product provides the benefits of EMV® 3DS—the 3-D Secure protocol allowing to manage SCA. It enables smooth payment authentication on all the devices consumers shop from today, such as mobile phones and tablets. It also provides smarter and broader authentication options, including one-time passwords (OTPs), biometric identification and out-of-band authentication.
Exemptions, with Decision Manager plus Payer Authentication (DMPA)
SCA doesn’t apply to all transactions: some are out of scope (like regular subscriptions), others are exempt (like transactions under €30). To minimize friction even further, we’re now working with Accor to implement Cybersource Decision Manager plus Payer Authentication, which enables Accor to flag these transactions, and request exemptions.
The key is that Decision Manager plus Payer Authentication screens transactions before Accor submits them for authorization. This allows Accor to build business rules to identify transactions that are out of scope, request exemptions and handle SCA declines by automatically retrying with authentication. This extra capability helps deliver an even more seamless customer experience, as well as protecting the merchant against potential lost sales.
The difference our work made
Accor Hotels are able to comply with the PSD2 SCA regulation with the help of our solutions and support from the Cybersource Managed Risk Services team.
A customer-friendly checkout experience
With a seamless authentication process and developing exemption strategy, Accor Hotels have also seen minimal negative impact on conversion rates post PSD2 enforcement.
EMV® is a registered trademark in the U.S. and other countries and an unregistered trademark elsewhere. The EMV trademark is owned by EMVCo, LLC.