Solutions
- Airlines
  - Amadeus for Airlines
  - Products
- Airports
  - Amadeus for Airports
  - Products
- Border Authorities
  - Amadeus for Border Authorities
  - Products
- Corporate Travel & Expense
  - Products
  - Capabilities
  - Integrations
    - Travel & Expense Solution for Microsoft Teams
- Travel Sellers
  - Products
  - Content
- Hospitality
- Payments & e-invoicing
  - Outpayce
  - Voxel: B2B Payments and e-Invoicing
- Traveler behavior is changing at every touchpoint.
  
  Explore bold ideas, lead with cutting-edge tech, build powerful partnerships, and contribute to lasting impact.
  Discover more
Support & Training
- Support
- Training
- Already a customer?
  
  Log into Amadeus Service Hub for product news, learning materials, and customer support.
  Login
Partners
- Amadeus Partners
  
  At Amadeus, we value strong partnerships with different players across the travel ecosystem. Gain access to our solutions to develop your portfolio, reach new customers and add to your bottom line.
- Landmark partnership between Amadeus and Google Cloud
  
  Learn how this collaboration strengthens Amadeus' multi-cloud approach and AI innovation to improve efficiency, reliability and growth in travel.
  Read more
Resources
- Trending Topics
- Connected journeys: How will technology transform travel in the next decade?
  
  From AI-driven planning and biometric check-ins to smarter disruption management.
  Read the report
- Six travel trends that will redefine how we travel in 2026 and beyond
  
  Amadeus, in collaboration with Globetrender, unveils the tech, policy and innovation coming to transform the face of travel.
  Discover now
Company
- About Amadeus
  - About us
  - Leadership
  - Awards
  - Locations
- Careers
- Innovation
- Sustainability (ESG)
  
  Learn how we’re working to make travel a force for good.
- Amadeus Global Report 2024
  
  Get an overview of our company in 2024 from a business, financial and sustainability perspective.
  Access report
- Latest financial results
  
  Amadeus published its financial results for Q3 2025.
  View the results

Blog

SCA in travel payments part 3: what happens when the booking includes products from multiple travel suppliers?

November 23, 2020

Last updated: February 9, 2021

4 min read

Available in other languages

EN DE

Jean-Christophe Lacour

Head of Merchant Services, Payments, Amadeus,

Share it!

Strong Customer Authentication requires card holders perform two-factor authentication for the vast majority of electronic payments made within the European Economic Area, reducing fraud by providing a higher degree of confidence the person performing the transaction is the rightful cardholder.

In the travel industry, where a high number of bookings are made via travel agencies, performing two-factor authentication will require changes to the way agencies and suppliers handle payments.We looked at the the ‘pass through’ model in blog one andthe ‘Merchant of Record’ model in blog two of this series.

Ensuring that payment processes meet the requirements when a travel agent performs SCA on behalf of many different travel suppliers in a single booking is particularly challenging. That’s why we’re going to tackle it in this blog.

Imagine a traveler places a booking for a holiday that includes a flight, a hotel and car rental with an online travel agency (OTA).

Step 1

Immediately we may encounter the concept of a Merchant Initiated Transaction (MIT). It’s possible any of the three merchants will wish to charge the traveler’s card without them being present, for example, the traveler cancels and incurs a fee, or the car rental firm may introduce a charge if the car is returned with less than a full tank of petrol.

For the airline, hotel or car rental firm to be able to initiate these payments later on, it’s important that the traveler enters a MIT agreement at the time of booking. Therefore, the OTA needs to clearly provide terms and conditions from each merchant at the time of booking, as well as collect proof that the traveler has consented to this agreement.

Step 2

Next the OTA will ask the traveler to perform a SCA check using a One Time Passcode sent to their mobile phone. Importantly, this SCA check must be for the entire balance of all products in the booking.

Step 3

Because this scenario involves multiple travel suppliers (also known as merchants) behind the scenes, the SCA check performed by the OTA at the time of booking needs to be useable by the airline, the hotel and the car rental firm, so each entity can process its own payment.

This can be achieved using the 3RI protocol (also known as ‘3DS Requestor Initiated’) which allows a ‘silent authentication’ to occur in the background without any need for the traveler to do anything. Silent authentication works by dynamically linking the original SCA check the traveler performs for the OTA to subsequent payments initiated by the airline, hotel and car rental firm, when the traveler isn’t present.

So, in this multi-merchant scenario, the OTA would conduct the initial SCA check in step 2 and then three silent 3RI checks on behalf of each of the merchants (airline, hotel and car rental firm). Each merchant then has the unique proof of authentication data they can use when authorizing their portion of the payment.

For this to be successful, the separate 3RI authentications must not exceed the total value of the authentication performed by the traveler during step 2, removing any risk that the traveler might be overcharged.

Importantly, 3RI is only available if the OTA and travel suppliers involved have upgraded their systems to the latest industry standard authentication protocol ‘3DS 2’, which was recently released by payments technical body EMVCo. That’s one reason why Amadeus advocates moving to 3DS 2 as soon as possible.

Step 4

The OTA sends the unique SCA 3RI authentication to each of the travel suppliers that can then each process their individual payments. The traveler’s card will display three separate transactions totaling the original amount for which the traveler authenticated during step 2.

Whilst the 3RI process is the desired end-state for authenticating card holders in multi-merchant travel bookings, there is an acknowledgement that this capability hasn’t yet been adopted at scale. Therefore, it is expected that the original SCA check performed by the agent can be used by each supplier as proof of authentication in the short term. However, this will only be an interim solution and all travel players should prepare for 3RI based on the 3DS 2 protocol as soon as possible.

Advice for handling ‘Multi-merchant’ scenarios:

Travel suppliers need to ensure contracts with travel agents have been updated to enable the traveler to enter an MIT agreement

Travel agents need to provide MIT terms and conditions clearly at time of booking

Travel agents need to do an SCA check for the full amount of the package trip

Travel agents and travel suppliers need to have upgraded to the 3DS 2. authentication standard so the agent can perform separate 3RI (silent) authentications for each supplier involved in the booking

Travel suppliers need to have assessed their payment flows to ensure API and technology partners can pass the required proof of authentication through the distribution chain.

If you’re introducing SCA why notdownload our new report to understand readiness levels across the industry and for a concise action plan on how to tackle SCA.

This article was published byThe Paypers , the Netherlands-based leading independent source of news and intelligence for professionals in the global payment community.

Read in full our research report on SCA for travel payments

Download now

TO TOP