Question ID:
Legal Act:
Directive 2015/2366/EU (PSD2)
Strong customer authentication and common and secure communication (incl. access)
COM Delegated or Implementing Acts/RTS/ITS/GLs/Recommendations:
Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication
Disclose name of institution / entity:
Type of submitter:
Industry association
Subject Matter:
Merchant Initiated Transactions exemption for hotel transactions

For the following scenarios, does digital acknowledgement by the consumer at time of booking that subsequent charges may be collected adequately meet the requirement for Merchant Initiated Transactions if SCA is also taken at time of booking:

i. total room charges and applicable taxes disclosed to the consumer when a prepaid rate has been selected.

ii. deposit amount disclosed to the consumer when the reservation requires payment of a deposit to guarantee the booked room and/or dates.

iii. disclosed late cancellation or no-show fee incurred by the consumer if the consumer fails to cancel their reservation per the disclosed cancellation policy.

iv. disclosed descriptions of types of charges that will be processed by the hotel merchant if incurred after payment for the stay has been settled. Examples include but are not limited to charge-to-room meals, spa treatments, retail purchases, mini-bar consumption identified by housekeeping and room damage.

Background on the question:

In the hotel sector, payments are often not completed or able to be completed directly or at the time of reservation and credit card details are taken mainly as a guarantee. At the time of booking, the customer is asked to agree to the booking Terms and Conditions which protects the interests of both parties and include the hotel’s policy on late cancellation or no-shows. SCA will often not be completed at this stage, as the hotel and guest agree to process the payment at location where the customer will present his/her card to pay the full amount or will explicitly agree to pay any fees due on the credit card on file.

Date of submission:
Published as Final Q&A:
EBA Answer:

Q&A 2019_4791 clarifies that where payment card details are taken as a guarantee at the time of making a reservation, in order for potential further payments initiated by the payee (the hotel) to be considered as payee-initiated transactions, strong customer suthentication (SCA) would need to be applied when providing the mandate and all other conditions in Q&A 2018_4031 should be met.

As stated in Q&A 2018_4031, where the mandate of the payer to the payee to initiate a transaction is provided through a remote channel (for example at the time of reservation with credit card details taken only as a guarantee), the setting up of such a mandate is subject to strong customer authentication, as this action may imply a risk of payment fraud or other abuses within the meaning of Article 97(1)(c) of the Directive 2015/2366/EU (PSD2). The payment transactions initiated by the payee that are based on the mandate are subject to the general provisions of PSD2 that apply to payee initiated transactions (e.g. Articles 75-78 PSD2).



The answers clarify provisions already contained in the applicable legislation. They do not extend in any way the rights and obligations deriving from such legislation nor do they introduce any additional requirements for the concerned operators and competent authorities. The answers are merely intended to assist natural or legal persons, including competent authorities and Union institutions and bodies in clarifying the application or implementation of the relevant legal provisions. Only the Court of Justice of the European Union is competent to authoritatively interpret Union law. The views expressed in the internal Commission Decision cannot prejudge the position that the European Commission might take before the Union and national courts.

Final Q&A