EU and IATA updates
JP Ephithite

EU and IATA updates: What travel brands need to know

June 28, 2019

Over the coming months, new regulations will have a direct impact on how travel brands, particularly agencies, conduct business online. These are the EU’s second Payment Services Directive (PSD2) and IATA Resolution 830d.

Here, we look at what your business should know about these changes and the steps Travelport is taking to ensure our customers’ compliance. 

PSD2: Strong Customer Authentication

New requirements for authenticating online payments will be introduced in Europe as part of the second Payment Services Directive (PSD2) on September 14, 2019. 

These new requirements are known as Strong Customer Authentication (SCA). Any business accepting card payments online must authenticate the customer’s card using 3D-secure—an additional security layer for online credit and debit card transactions. 

What this means for your travel agency
The new requirements are good news for any online travel brand. Once you have properly authenticated a card transaction, there is a ‘liability shift’—in other words, any liability for fraud passes to the card-issuing bank. 

As a result, the transaction is fraud-free for your agency, including no ADM for a chargeback from an airline. It therefore negates the need for additional fraud prevention tools from your side.

However, it’s important to note that failure to work with the right distribution partner could result in non-compliance. A card-issuing bank can decline any authorization they believe to be an online EU transaction that’s subject to SCA, which has not been properly authenticated. So, now is the time to prepare.

What this means for Travelport customers
Travelport will support 3D-Secure functionality in line with the PSD2 Strong Customer Authentication requirements, to help ensure our customers are in full compliance with the new directive. 

Agencies will need to pass the required 3D-Secure data to Travelport with the payment card details, which can only be achieved by consuming a new standalone payment API. This ensures that the required 3D-Secure data is included in any downstream card processes (i.e. authorisation and settlement through BSP).

Please engage your Travelport Account Manager at your earliest opportunity to find out more.

For bookings where our customers are Merchant of Record, SCA will need to be performed through your own payment gateway.

You can learn more about these standards here.

IATA Resolution 830d

Next, we’ll look at changes to the IATA Resolution 830d and what it means for your agency. 

These changes will take effect from June 1, 2019.

With the introduction of the General Data Protection Regulation (GDPR) last year, there has been an additional protection on customer data passing between businesses. This means that your agency’s customers cannot be retargeted by suppliers when you add their contact details to a booking for use during travel disruption.

However, our airline partners have been collectively raising an issue via IATA. Some agencies are not providing accurate customer contact details, such as phone number and email address, during booking for the purposes of communication during travel disruption.

IATA’s new amendments to Resolution 830d mandates accurate customer details from agencies. It also makes it clear that the data can only be used in the event of a flight delay or cancellation and not for generic customer capture or marketing. Therefore, your agency can share customer data in such a way that usage restriction is binding under GDPR. 

Improving customer experience
With this resolution and with the protection of GDPR your agency can safely make it your best practice to include accurate customer contact details during bookings. 

Providing these details will help to enhance traveler comfort and the overall travel experience, by ensuring they receive all necessary communications during times of disruption. 

A good traveler experience is critical to brand loyalty, and communication during disruption is core to delivering the best experience possible. Therefore it is in everyone’s best interests—your agency, airline partners, and travelers—to ensure that accurate information is passed between resellers and suppliers.

Find out more
The following resources will help you to learn more about the upcoming changes.

PSD2 Strong Customer Authentication (SCA)
IATA Resolutions

If you have any questions about how Travelport is helping its customers in relation to the PSD2 Strong Customer Authentication requirements, please contact Phil.Rendell@travelport.com or JP@travelport.com