SCA and 3DS in Octorate

Strong Customer Authentication (SCA), introduced by the PSD2 regulation, is designed to reduce fraud and disputes on credit card payments.

On Octorate you can manage SCA directly from Settings > Takings and terms of sale

ย 

โš ๏ธ Note: SCA settings are only available if the selected payment gateway supports them (e.g., Stripe, Nexi). Other gateways, such as Syspay, continue to process transactions in MOTO mode (Mail Order / Telephone Order).

Click ๐Ÿ‘‰ HERE for the article dedicated to secure payment management with Syspay.


Payment management modes

From the dropdown menu you can choose one of the following options:

  • Always send SMS to the customer โœ‰๏ธ
    The customer will always receive a link by email to authenticate the payment.
    Their bank will send a code to be entered in the link received.

  • Bank decides whether to send SMS ๐Ÿฆ
    Only if the bank considers it necessary, the customer will receive the email with the link to authorize the charge.

  • MOTO โ€“ no SMS ๐Ÿ“ž
    The traditional mode (card data provided by the customer via phone, email or entered in the Booking Engine).
    Still authorized, but with a high risk of disputes. The bank may still request authentication.

๐Ÿ’ณ OTA Virtual Cards: always exempt from SCA.


Automatic charges

Configured in Settings > Automatic charges and sales conditions.

If you have chosen โ€œAlways send SMS to the customer,โ€ each automatic charge will generate an authentication link.

Before SCA, the charge was made directly via MOTO, without authentication.

Click ๐Ÿ‘‰ HERE for the full article on configuring automatic charges.


Manual charges

From the booking detail, go to Collections > Collect a payment > Credit Card > Charge credit > Save.

The charge remains โ€œpendingโ€ ๐Ÿ•’ until authentication.

You can:

  • send the email with the link to the customer (automatically or manually);

  • copy the link and send it yourself (also via WhatsApp).

Once authenticated, the payment is confirmed.


Authentication procedure

The customer receives a link ๐Ÿ”— (by email or WhatsApp).

To customize emails, you need the WebConcierge package to create email templates.

Otherwise, you can use a predefined template (โ€œSCA Payment Authenticationโ€) in Settings > Email templates.

By opening the link, the customer accesses WebConcierge, enters the code received from their bank, and once completed, the authentication is confirmed โœ… and the payment appears in Octorate.

โš ๏ธ Currently, this procedure mainly concerns Stripe.


Conclusion

  • SCA ensures greater security against fraud but requires customer cooperation.

  • For accommodation providers, it is essential to choose the most suitable option between mandatory SMS, bank-discretion SMS, or MOTO.

  • Automatic and manual charges work similarly: always linked to the authentication process.

  • OTA Virtual Cards are excluded from the regulation.

2 replies