Strong customer authentication (SCA) is likely something that you are already familiar with. Think about logging onto a website or having to reset a password where you receive a one-time password on your mobile device; That’s SCA. It is becoming more broadly used in e-commerce and is now being legally mandated for some payment types.
According to Allied Market Research – and, possibly spurned by the pandemic - there has been a surge in demand for alternatives to cash payments. The global credit card payments market generated over $135 billion in 2020, and is estimated to garner $263 billion by 2028.
It will be a source of comfort for many that strong customer authentication (SCA) is now a requirement set by regulators for e-commerce transactions in the European Economic Area and the UK, and not just for the travel and hospitality industry. While the current focus is on European countries, CWT is preparing for the likelihood that these SCA protocols will be used for future transactions, beginning with EMEA.
How does SCA work?
SCA requirements stipulate that electronic payments be completed with a multi-factor authentication to improve the security of electronic payments. To date this has not generally been true for Internet transactions prior to the implementation of the requirement.
SCA means that for each electronic payment, subject to some exemptions, the cardholder must be authenticated (i.e. verified) by at least 2 of the following 3 factors:
- Something the cardholder knows (e.g. a password, PIN code, secret fact)
- Something that is inherent to the cardholder (e.g. a fingerprint, facial or iris scan)
- Something the cardholder has (e.g. a mobile phone, smart card, badge or token)
Booking travel introduces complexities to SCA. Purchasing travel products involves a complex end-to-end orchestration that includes multiple vendors and multiple booking options. Travel agencies or TMCs like CWT are simply the ‘agency’ representing travel vendors including airline, car, hotel companies. TMCs are reliant on the entire travel eco-system to connect and align with SCA requirements to avoid any roadblocks.
Given the complexities in the travel indirect sales model, fully permanent payment solutions will take some time to realistically implement across all partners: TMCs, OBTs, GDSs, aggregators, card schemes, merchant acquirers, card issuers, payment gateways, and other payment providers. CWT continues to work with these partners and industry trade groups to align solutions and ensure a positive customer experience while meeting the imposed regulatory requirements.
We take credit card security seriously from multiple payment options to meeting PCI security requirements. CWT has a dedicated payments team that focuses on all aspects of regulatory compliance and future payment solutions including constantly watching for changes as they occur in this area.
What steps to take
As a travel manager, CWT recommends that you begin by contacting your corporate bank to best understand what, if any action is required. Engagement with your bank will clarify whether your selected payment products are subject to SCA and what other payment products may be available to avoid SCA. You may also consider including your finance team who may act as a support or SME during the discussions.
Watch out for the next blog in our series on secondary card payment, where we will take a closer look at what is in scope and out of scope specific to the type of vendors and cards that you have.