Question ID:
Legal Act:
Directive 2015/2366/EU (PSD2)
Strong customer authentication and common and secure communication (incl. access)
COM Delegated or Implementing Acts/RTS/ITS/GLs/Recommendations:
Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication
Disclose name of institution / entity:
Type of submitter:
Industry association
Subject Matter:
Processing payments for hotel reservations

Can hotels continue to process payments for which strong customer authentication (SCA) has not been completed at the time of reservation, or for charges which do not become apparent until after the customer has departed the hotel and for which he/she may refuse to conclude a first or additional SCA?

Background on the question:

In the hotel sector, payments are often not completed or able to be completed at the time of the reservation with credit card details taken only as a guarantee. At the time of booking, the customer is asked to agree to the booking Terms and Conditions which protects the interests of both parties and includes the hotel’s policy on late cancellation or no-shows. SCA will often not be completed at this stage, as the hotel and guest agree to process the payment at location where the customer will present his/her card to pay the full amount or will explicitly agree to pay any fees due on the credit card on file.

Date of submission:
Published as Final Q&A:
Final Answer:

Pursuant to Article 97(1) Directive 2015/2366/EU (PSD2), Member States shall ensure that a payment service provider applies strong customer authentication when the payer (a) accesses its payment account online, (b) initiates an electronic payment transaction, or (c) carries out any action through a remote channel which may imply a risk of payment fraud or other abuses.

Therefore, strong customer authentication (SCA) is required when initiating an electronic payment transaction, including to pay for hotel accommodation or charges which are not apparent until the customer departs the hotel.

However, as clarified in Q&A 2018_4031, where the payer has given a mandate through a remote channel, authorizing the payee to initiate a payment transaction through a particular payment instrument that is issued to be used by the payer to initiate the transactions, the setting up of such a mandate is subject to SCA.

Accordingly, in the case described by the submitter where payment card details are taken as a guarantee at the time of making a reservation, in order for potential further payments initiated by the payee (the hotel) to be considered as payee-initiated transactions, SCA would need to be applied when providing the mandate and all the other conditions in Q&A 2018_4031 should be met.

Q&A 2019_4794 provides further clarification on the provision of the mandate by the payer to the payee for the initiation of the referred payee initiated transactions.



The answers clarify provisions already contained in the applicable legislation. They do not extend in any way the rights and obligations deriving from such legislation nor do they introduce any additional requirements for the concerned operators and competent authorities. The answers are merely intended to assist natural or legal persons, including competent authorities and Union institutions and bodies in clarifying the application or implementation of the relevant legal provisions. Only the Court of Justice of the European Union is competent to authoritatively interpret Union law. The views expressed in the internal Commission Decision cannot prejudge the position that the European Commission might take before the Union and national courts.

Final Q&A
Answer prepared by:
Answer prepared by the European Commission because it is a matter of interpretation of Union law.