Interim Solution Instruction for the Travel and Hospitality Industry
Travel and Hospitality industry compliance with the strict interpretation of the Regulatory Technical Standards (RTS) for the Payment Services Directive 2 (PSD2) Strong Customer Authentication (SCA) will only be possible once the entire supplier chain has been upgraded to support the transfer of authentication data from the point of first cardholder contact (Bookings via direct or indirect sales channels), through to the merchant of record (your business).
If your indirect sales channels (e.g. Travel Agents, Booking Engines, Travel Management Companies, or any other intermediaries within the eco-system) are unable to upgrade to an RTS compliant solution ahead of the deadlines, transactions will be declined by law.
The objective of the interim solution is to enable you to continue with the existing business practices of generating Mail Order/Telephone Order (MOTO) and Merchant Initiated Transactions (Out of Scope for SCA) without the risk of issuers stepping-up or challenging for SCA when it cannot be fulfilled.
The interim solution recognises the unique challenges to PSD2 SCA compliance facing your industry sector and is only available to a restricted list of Merchant Category Codes (MCCs – see list).
To avoid unnecessary declines and customer challenges for SCA that cannot be fulfilled whilst the technical infrastructure upgrades take place, you must make effective use of the interim solution proposed by the major card brands and which is expected to be supported by all stakeholders based in the EEA/UK.
Instructions
- Under our Terms of Service CCA, it is agreed that the merchant comply with Card Scheme Rules and with any other instructions, policies and procedures provided by Elavon.
- You are authorised to use existing Out of Scope transaction types, flagging your transactions as either MOTO (Mail Order/Telephone Order) or MIT (Merchant Initiated Transactions) until such time as technical guidance is released (expected Q4, 2020) and you are able to complete your end to end system upgrades between yourself and your independent 3rd party service providers.
- The establishment of MIT* agreements with cardholders requires actions from your indirect sales channels to both authenticate the cardholder and to present your new merchant of record terms and conditions. You are responsible for establishing or updating contractual agreements with your indirect channel intermediaries to confirm that;
a. The agent is authorised and instructed to carry out SCA on your behalf at the time of booking.
b. An MIT agreement (T&C’s) from you as the merchant of record is presented to the cardholder at the time of authentication.
c. The MIT agreement must be confirmed by the cardholder through SCA unless a Secure Corporate Payment exemption applies.
d. You are only allowed to flag genuine MOTO transactions as MOTO, or any transactions initiated with an MIT agreement but where you are unable to provide ‘proof of authentication’ or unable to utilise MIT flags.
e. By utilising the existing Out of Scope condition flags of MOTO or MIT, you are certifying to Elavon that you comply with the requirements herein.
* In most cases, you will be using stored Card on File (COF) payment credentials to initiate your MITs.
Establishing COF and MIT agreements with cardholders
COF and MIT agreements must satisfy the following consent agreement requirements set forth by the card schemes for their respective COF and MIT operating frameworks.
It is strongly recommended that the Merchant either directly or via their 3rd party booking agent also confirms all components of the COF and MIT agreement with the consumer via email.
When the payment credentials are being stored on file (COF) in your systems for future ease of use, the merchant must establish an agreement with the cardholder for the following:
- Truncated version of the stored credentials (last four digits of PAN).
- How the cardholder will be notified of any changes to the consent agreement.
- The expiration date of the consent agreement if applicable.
- How the stored credential will be used.
- You must notify the cardholder in the event of a change to the agreement.
- You must retain the agreement for the duration of the consent and provide to issuer on request.
- Where required by applicable laws or regulations, provide to the cardholder a record of the consent.
When the payment credentials are being used to generate future transactions without the cardholder present (MIT’s), further cardholder consent is required and you must notify the cardholder of the following in your T&Cs:
- Name and location of merchant.
- Purpose of the agreement and any payments being taken now or later.
- Authentication and Authorisation amount and how it will be calculated (amount and currency of the agreement or estimate if the precise payment amount is not known, with detail of how the final amount will be calculated).
- The frequency (recurring) or event (unscheduled) that will prompt the transaction.
- For instalment payments, the total purchase price and terms of future payments including the dates, amounts and currency.
- Payment schedule and/or timing of the first payment.
- Cancellation and refund policies.
- Duration of the agreement.
List of applicable merchant categories
Merchant Category |
MCC |
---|---|
Airlines and air carriers |
3000 through 3350 and 4511 |
Lodging |
3501 through 3999 and 7011 |
Car rentals |
3351 through 3500 and 7512 |
Cruise lines |
4411 |
Travel agencies |
4722 |
Passenger railways and railroads - freight |
4112 and 4011 |
Vacation rentals |
6513 |
Bus lines |
4131 |
Transportation, including ferries |
4111 |
Taxi cabs and limousines |
4121 |
Transportation services - not elsewhere classified |
4789 |
Campgrounds and trailer parks |
7033 |
Motor home and recreational vehicle rentals |
7519 |
Tourist attractions and exhibits |
7991 |
Aquariums, dolphinariums, zoos and sea aquariums |
7998 |
Insurance sales, underwriting and premiums |
6300 |
Direct marketing - insurance sales |
5960 |
Government services |
9399 |
Parking lots and garages |
7523 |
Elavon reserves the right to audit to determine if these instructions have been followed correctly.
Please take into account that you remain responsible for maintaining compliance of your business and your activity with the applicable laws, Card Scheme Rules and your agreement with Elavon. Please also note, that irrespective of the above mentioned instruction, you remain liable for any submitted chargebacks or fraudulent card transactions done by your Customers. Elavon does not guarantee that you will not bear such liability. Application of the above instruction does not exclude any risk or liability for chargebacks, frauds and Card Scheme Fines.