In the hotel industry, if a consumer contacts the hotel directly to make a reservation, the hotel may need to manually key the payment details into their payment terminals. Does this qualify as a Mail Order or Telephone Order (MO-TO) transaction?
Current guidance indicates that manually keyed transactions are not viewed as MO-TO transactions (despite their similarities) and would not be out of scope for strong customer authentication (SCA). A significant part of keyed transactions takes place on the same media as MO-TO transactions, as these are often also initiated by mail, fax or telephone.
In accordance with Article 97(1)(b) of Directive 2015/2366/EU (PSD2), a payment services provider shall apply strong customer authentication (SCA) where the payer initiates an electronic payment transaction. As stated in Q&A 2018_4031, card-based payment transactions are considered as payment transactions initiated by the payer through the payee and thus fall under Article 97(1)(b) PSD2. In accordance with Q&A 2019_4788, card-based transactions where the payee manually keys the payment details into a payment terminal require SCA in line with Article 97(1)(b) of PSD2.
The answers clarify provisions already contained in the applicable legislation. They do not extend in any way the rights and obligations deriving from such legislation nor do they introduce any additional requirements for the concerned operators and competent authorities. The answers are merely intended to assist natural or legal persons, including competent authorities and Union institutions and bodies in clarifying the application or implementation of the relevant legal provisions. Only the Court of Justice of the European Union is competent to authoritatively interpret Union law. The views expressed in the internal Commission Decision cannot prejudge the position that the European Commission might take before the Union and national courts.