New Process for Payment Gateways and how you must respond

Created by Katrín Magnúsdóttir, Modified on Thu, 28 Sep, 2023 at 1:01 PM by Katrín Magnúsdóttir

Með öryggið í fyrirrúmi gætir þú þurft að aðlaga ferla þína að nýju umhverfi greiðsluþjónustuaðila þíns.

Dear Booking Factory user.
Your credit card acquiring service is no longer accepting non 3D secure transactions. There it is! Simple as that. Up until now, it has been up to the card issuer or the guest bank to force the 3DS protocol on any transaction made with a card and exceptions to that rule have been allowed in some cases. This has often resulted in lots of confusion and writing back and forth about why a payment is unsuccessful. This confusion is about to be history as you will have a much clearer way of securing the payments you receive for your services and minimizing the risk of chargeback instances.  

What is a 3DS payment? 
It is quite simply a payment made by the card holder for a set amount, approved on the spot (usually via text message on their phone) by the holder.  


What is NOT a 3DS payment? 
Any payment acquired without the immediate expressed consent of the card holder in question.  


What do you have to change to make sure you are securely collecting payments?  

  • If you have been manually pressing “charge card” unilaterally, this is an unsecured payment.  

  • If you do not charge your direct bookings upfront upon booking and then access the tokenized credit card later for payment, that is an unsecured payment.  

  • If you are using Reactions to initiate charges from tokenized cards, those charges are unsecure.  

  • Essentially, storing or holding any guest card information is now redundant as you are not allowed or able to charge anything onto it without the card holder accepting the charge in real time. 


What do you have to do to be 3DS compliant?  

The simplest way is to charge all stays upon booking. Just like airlines do. You can have several different cancellation policies and rate plans with different rules for refunds but charging the full amount you are due upon booking is a surefire way to be compliant with the 3DS process and avoid chargebacks.  

If you are uncomfortable with this approach for any reason, we have an integrated feature in our PMS that allows you to request payment from the guest via the 3DS process. It is called Payment Request and allows you to e-mail the guest from our system at whatever time you prefer prior to arrival. Usually according to your cancellation policy. This will send a link for payment via e-mail to the guest and they will be able to accept the charge by adding their card details and accepting the charge via the 3DS protocol. This can be done via automated Reaction e-mails a set number of days prior to arrival. If you are unfamiliar with this option. Please read more about it here (insert IC article).  

Please note again, whether you have the card details on file already or not is immaterial as you will not be able to charge without the holders consent. That remains the case after Payment Request payment is made. You may have the card information on file from that payment but will not be able to add subsequent charges to the card without their consent again.  


The last option, of course, is getting payment via a credit card point of sales system with the guest inputting their PIN number in person. This is obviously not possible if the guest is a no-show or cancels within your cancellation policy period and is therefore an option of last resort.  

Does this apply to all credit card transactions?  

Technically, it does, yes. But if you are using Virtual Cards issued by OTAs such as and Expedia to charge them directly after they have been paid by the guests, you can expect their non 3DS transactions to be as safe as they have been so far. If those global OTAs owe you payments, you can collect that the same way you have been doing so far. At least until they decide otherwise and will inform you accordingly. Furthermore, in the coming months, you can expect them to move further away from forwarding guest card details into your system when payment is set to “Hotel Collect”.   


We would like to stress that this is not a decision on a new process being made by Booking Factory. We are simply notifying our clients of the change in your business environment that needs adjusting to ensure you are not exposed to fraudulent charges and loss of revenue from less than honest people. It is a development we were expecting and as mentioned before, despite the possible headaches in adjusting your practices to begin with, we welcome this change to remove any doubt as to how to secure your revenues as best as possible.  

If you have any further questions on the matter or need clarification on what to do next, please do not hesitate to reach out to us.  


Was this article helpful?

That’s Great!

Thank you for your feedback

Sorry! We couldn't be helpful

Thank you for your feedback

Let us know how can we improve this article!

Select at least one of the reasons
CAPTCHA verification is required.

Feedback sent

We appreciate your effort and will try to fix the article