Glossary - basic concepts

PSD2, 3D Secure, SCA

Written by Elena
Updated over a week ago

Concepts you should know:

  • Physical POS: A Point of Sale (POS) terminal, also known as a dataphone, is a device that allows card payments to be made securely in person.

  • Virtual POS: Online version of the POS for card payments in ecommerce or online commerce.

  • PCI-DSS: A standard developed by the PCI SSC committee, which is made up of the main card brands. It is a guideline that helps organisations that process, store and/or transmit cardholder data to secure that data in order to prevent card fraud.

  • Tokenisation: A payment solution that masks card data to avoid the risk of fraud (internal and external) without losing the ability to debit and credit the card.

  • PSD2: European regulation for the use of credit cards, among other things. Applies only when both payer and merchant are in the EU.

  • SCA (Strong Customer Authentication): Regulation within PSD2 that defines how cardholder authentication is to be carried out when making an online payment.

  • MIT (Merchant-Initiated Transaction): Transaction exempted from SCA for recurring merchant-initiated collections.

  • MOTO: Mail Order and Telephone Order. Telephone and email sales are exempt: charges can continue to be made with only the card number and without double authentication. The AvaiBook POS is configured to carry out these types of transactions in compliance with PCI compliance regulations.

  • Delegated authentication: Under PSD2, an OTA needs to authenticate the card even if it does not charge the card (the charge is made by the host). The cardholder is in the payment environment of the OTA, not of the accommodation, hence this term.

  • An unauthenticated payment, without "3D Secure", is an online payment made only by entering the card data (card number, expiry date, CVC/CVV), or even without this step because the system had previously saved this data. It is most commonly used for scheduled or "non-face-to-face" charges, such as subscription fees or booking payments via certain platforms. It is the fastest, easiest and highest-converting type of payment, as it involves the least friction for the payer. However, it is also considered the most dangerous, as it has no additional checks. Thus, anyone could use the card in case of theft.

  • An authenticated payment, or "3D Secure", is an online payment that requires additional authentication beyond the card details. The method varies from bank to bank, and can range from an SMS to your mobile phone to a key, specific coordinate or token generated with a mobile app. It is slower and converts worse, as it requires more steps and involves more friction (for example, the user doesn't remember the key or doesn't have the coordinate card on them at the time). It is more secure, however, although it does not allow payments to be scheduled or issued non-face-to-face.

  • An authenticated payment in an enhanced form, or "3D Secure 2", aims to fulfil the same characteristics as the authenticated payment, but with increased security through more robust verification methods. Card issuers in the EEA are already adapting their technical systems to support it before the deadline, so you have probably already received some notification.

Other links of interest:

You can consult our entire knowledge base sorted by collections, and see everything our plans have to offer.

We also invite you to visit our blog and YouTube channel, where you will find webinars and news with general content about the sector.
