Strong Customer Authentication (SCA), introduced by the PSD2 regulation, is designed to reduce fraud and disputes on credit card payments.
On Octorate you can manage SCA directly from Settings > Takings and terms of sale
ย
โ ๏ธ Note: SCA settings are only available if the selected payment gateway supports them (e.g., Stripe, Nexi). Other gateways, such as Syspay, continue to process transactions in MOTO mode (Mail Order / Telephone Order).
Click ๐ HERE for the article dedicated to secure payment management with Syspay.
Payment management modes
From the dropdown menu you can choose one of the following options:
Always send SMS to the customer โ๏ธ
The customer will always receive a link by email to authenticate the payment.
Their bank will send a code to be entered in the link received.Bank decides whether to send SMS ๐ฆ
Only if the bank considers it necessary, the customer will receive the email with the link to authorize the charge.MOTO โ no SMS ๐
The traditional mode (card data provided by the customer via phone, email or entered in the Booking Engine).
Still authorized, but with a high risk of disputes. The bank may still request authentication.
๐ณ OTA Virtual Cards: always exempt from SCA.
Automatic charges
Configured in Settings > Automatic charges and sales conditions.
If you have chosen โAlways send SMS to the customer,โ each automatic charge will generate an authentication link.
Before SCA, the charge was made directly via MOTO, without authentication.
Click ๐ HERE for the full article on configuring automatic charges.
Manual charges
From the booking detail, go to Collections > Collect a payment > Credit Card > Charge credit > Save.
The charge remains โpendingโ ๐ until authentication.
You can:
send the email with the link to the customer (automatically or manually);
copy the link and send it yourself (also via WhatsApp).
Once authenticated, the payment is confirmed.
Authentication procedure
The customer receives a link ๐ (by email or WhatsApp).
To customize emails, you need the WebConcierge package to create email templates.
Otherwise, you can use a predefined template (โSCA Payment Authenticationโ) in Settings > Email templates.
By opening the link, the customer accesses WebConcierge, enters the code received from their bank, and once completed, the authentication is confirmed โ and the payment appears in Octorate.
โ ๏ธ Currently, this procedure mainly concerns Stripe.
Conclusion
SCA ensures greater security against fraud but requires customer cooperation.
For accommodation providers, it is essential to choose the most suitable option between mandatory SMS, bank-discretion SMS, or MOTO.
Automatic and manual charges work similarly: always linked to the authentication process.
OTA Virtual Cards are excluded from the regulation.