EEA Payment Services Directive (PSD2) Requirements

Owned by Malissa Olofernes
Last updated: Feb 07, 2024 by Meredith Russell
3 min read

To meet European Economic Area (EU/EEA) Revised Payment Services Directive Two (PSD2) requirements for Strong Customer Authentication (SCA), Deem and Travelfusion use additional payment security checks for travelers using a credit card provided by an EU merchant bank.

Need to Know

Travelers who book trips through Travelfusion and use a credit card belonging to an EU merchant bank will see a pop-up window with security questions from their merchant bank.

How it Works

The required security check works as follows:

  1. A traveler selects trip options, continues to the Purchase page, and clicks the Purchase button to confirm.

  2. Deem displays a secure merchant/bank window with security questions.

  3. After the traveler answers the questions, the merchant bank sends Deem a token.

  4. Deem sends that token to the content provider.

  5. The booking is completed after these security measures are met.

FAQ for Travelers

Q. What can I expect?

A. PSD2 regulations require additional security measures for travelers using a credit card issued by an EU bank to book travel within the EU. After you confirm a purchase, Deem displays a pop-up window with questions from the merchant asking for additional authentication from the credit card holder. This window may ask for CVV/CVC verification, mother’s maiden name, or a password specific to the issuing bank’s service, such as Verified by Visa or Secure Code by MasterCard. Within Deem, these additional security parameters are expected, safe, and secure. In most cases, this will be sufficient to complete the transaction; however, if there are any issues with the authentication process through Deem, you will need to contact your travel agent directly in order to complete your booking.

Q. What if my transaction is declined?

A. Contact your travel agent to complete your booking.

Q: What do I do as a delegate?

A.  Book as usual. If a security pop-up appears, you can either contact your travel agent to complete the booking, or have your traveler book on their own.

Q: Will there be additional content providers affected by this regulation? 

A. Yes, all content providers using merchant banks in the EU will be affected by this regulation. Deem is working with these providers to implement a long term solution. 

Q: Can I opt-out? 

A. No, this is a required EU/EEA PSD2 security check.  

Q: Are any cards exempt? 

A. Virtual cards, corporate cards, and cards not issued by an EU merchant bank are exempt. 

Q: Can I trust the merchant bank security questions window? 

A. When you use the Deem site to book your travel, the security pop-up is secure and expected. However, be cautious of such security pop-ups on third party sites. 

Q: What happens if I answer the security questions incorrectly?

A. Follow the instructions on the pop-up to reset your security questions.

FAQ for Traveler Managers

Q. What should my travelers watch out for?

A.PSD2 regulations require additional security measures for travelers using a credit card issued by an EU bank to book travel within the EU. After the traveler confirms a purchase, Deem displays a pop-up window with questions from the merchant asking for additional authentication from the credit card holder. This window may ask for CVV/CVC verification, mother’s maiden name, or a password specific to the issuing bank’s service, such as Verified by Visa or Secure Code by MasterCard. Within Deem, these additional security parameters are expected, safe, and secure. In most cases, this will be sufficient to complete the transaction; however, if there are any issues with the authentication process through Deem, the traveler will need to contact their travel agent directly in order to complete their booking.

Q. Do I need to make any changes to my site’s configuration? What does Deem recommend?  

A. No additional configurations are necessary to support PSD2; however, virtual and corporate issued credit cards are currently exempt from the regulation and may be used as an alternative payment method in lieu of a personal credit card.

Q. Whom should I contact if I run into issues? 

A. Direct customers and TMCs should report issues by logging a ticket with Deem Customer Success in the support portal or by sending an email to travelcustomersuccess@deem.com. Customers working indirectly with Deem via a TMC should report issues to their TMC.