Question ID
2019_4788
Legal act
Directive 2015/2366/EU (PSD2)
Topic
Strong customer authentication and common and secure communication (incl. access)
Article
97
COM Delegated or Implementing Acts/RTS/ITS/GLs/Recommendations
Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication
Article/Paragraph
1
Type of submitter
Industry association
Subject matter
Treatment of electronic bookings similar to Mail Order and Telephone Orders (MO-TO) transactions
Question

Would hotel use-cases, which include reservations taken by third parties (such as online travel agents or brand/hotel group) for the merchant and subsequent transactions (such as post-booking processing of prepaid rates or deposits, processing of cancellation/no-show fees, processing of post-checkout charges) fall under the scope of Mail Order and Telephone Orders (MO-TO) transactions and are they therefore excluded from the strong customer authentication (SCA) requirements?

Background on the question

In the hotel sector, payment information collected during the process of reserving accommodation does not result in a transaction at the time of the reservation, with credit card details utilised only as a guarantee for future payment. If payment details are collected at time of booking, but no payment is processed at that time or by that booking entity, no e-commerce has occurred.

Submission date
Final publishing date
Final answer

Pursuant to Article 97 (1)(b) Directive 2015/2366/EU (PSD2), Member States shall ensure that a payment service provider applies strong customer authentication (SCA) when the payer initiates an electronic payment transaction. As stated in Q&A 2018_4031, card-based payment transactions are considered as payment transactions initiated by the payer through the payee and thus fall under Article 97(1)(b) PSD2.

Recital 95 of PSD2 clarifies that “There does not seem to be a need to guarantee the same level of protection to payment transactions initiated and executed with modalities other than the use of electronic platforms or devices, such as paper-based payment transactions, mail orders or telephone orders.” 

Accordingly, remote non-electronic payment transactions that are initiated and executed via a mail order or telephone order can be considered out of scope of the SCA requirement. Therefore, as card-based payment transactions qualify as electronic payment transactions, card-based transactions initiated by the payer through the payee cannot be considered out of scope of the SCA requirement.

 

Disclaimer:

The answers clarify provisions already contained in the applicable legislation. They do not extend in any way the rights and obligations deriving from such legislation nor do they introduce any additional requirements for the concerned operators and competent authorities. The answers are merely intended to assist natural or legal persons, including competent authorities and Union institutions and bodies in clarifying the application or implementation of the relevant legal provisions. Only the Court of Justice of the European Union is competent to authoritatively interpret Union law. The views expressed in the internal Commission Decision cannot prejudge the position that the European Commission might take before the Union and national courts.

Status
Final Q&A
Answer prepared by
Answer prepared by the European Commission because it is a matter of interpretation of Union law.

Disclaimer

The Q&A refers to the provisions in force on the day of their publication. The EBA does not systematically review published Q&As following the amendment of legislative acts. Users of the Q&A tool should therefore check the date of publication of the Q&A and whether the provisions referred to in the answer remain the same.