-
Solutions
-
Airlines
-
Airports
-
Border Authorities
-
Corporate Travel & Expense
-
Integrations
-
Travel Sellers
-
-
Payments & e-invoicing
-
Traveler behavior is changing at every touchpoint.Explore bold ideas, lead with cutting-edge tech, build powerful partnerships, and contribute to lasting impact.
Discover more
-
-
Support & Training
-
Already a customer?Log into Amadeus Service Hub for product news, learning materials, and customer support.
Login
-
-
-
Amadeus PartnersAt Amadeus, we value strong partnerships with different players across the travel ecosystem. Gain access to our solutions to develop your portfolio, reach new customers and add to your bottom line.
-
Landmark partnership between Amadeus and Google CloudLearn how this collaboration strengthens Amadeus' multi-cloud approach and AI innovation to improve efficiency, reliability and growth in travel.
Read more
-
-
Resources
-
Trending Topics
-
Connected journeys: How will technology transform travel in the next decade?From AI-driven planning and biometric check-ins to smarter disruption management.
Read the report -
Six travel trends that will redefine how we travel in 2026 and beyondAmadeus, in collaboration with Globetrender, unveils the tech, policy and innovation coming to transform the face of travel.
Discover now
-
-
Company
-
About Amadeus
-
Careers
-
-
Sustainability (ESG)
Learn how we’re working to make travel a force for good.
-
Amadeus Global Report 2024Get an overview of our company in 2024 from a business, financial and sustainability perspective.
Access report -
-
-
Strong Customer Authentication (SCA) requires card holders perform two-factor authentication for the vast majority of electronic payments made within the European Economic Area. This process reduces the chance of fraud by providing a higher degree of confidence that the person performing the transaction is the rightful cardholder.
In the travel industry, where a high number of bookings are made via travel agencies, performing two-factor authentication will require changes to the way travel agencies and travel suppliers, such as airlines and hotels, handle payments.
There are several different scenarios for performing SCA in the in-direct channel but there are three fundamental choices for how authentication is managed:
- An indirect sale where the traveler is redirected from the travel agency to the travel supplier at the payment stage and the supplier performs the SCA check and processes the payment, much as they would on their own website
- The ‘pass through’ model where the travel agent making the booking performs the SCA check and then passes proof-of-authentication through to the travel supplier(s) who process the payment
- The travel agency becomes the Merchant of Record performing the SCA check and processing the payment. The agency then makes a B2B payment(s) to settle with the travel supplier(s)
This blog post looks at the ‘pass through’ scenario and future posts in this series will look at the Merchant of Record model as well as how to handle multi-merchant scenarios
Imagine a traveler is booking an airline ticket via an online travel agency (OTA). After they have found the ideal flight for the right price, they confirm the booking and proceed to payment.
Here, we might encounter the concept of a Merchant Initiated Transaction (MIT). With an airline booking, it is possible the airline will need to charge the traveler’s card without them being present, for example, the trip may be cancelled incurring a fee.
For the airline to be able to initiate this cancellation fee payment later on, it’s important that the traveler enters a MIT agreement at the time of booking. Therefore, the OTA needs to clearly provide the airline’s terms and conditions at the time of booking as well as collect proof that the traveler has consented to this agreement.
The OTA can do this by requiring an SCA check*, which might involve sending a One Time Passcode (OTP) to the traveler’s phone. After the traveler has successfully entered their card details and the OTP, the OTA will be provided with specific data that acts as proof of authentication and proof of a MIT agreement.
The OTA then passes that specific data to the airline so that it can successfully process the initial payment for the ticket, as well as subsequent payments, without the traveler being present. Data elements include:
- Transaction ID (showing it’s a MIT)
- Electronic Commerce Indicator (proves SCA was successful)
- A cryptogram (proves to the card scheme that the customer’s card can be processed)
Here, it is important that all technology partners in the distribution chain are able to transfer this data from the OTA to the airline. This may sound simple, but with potential for many layers of intermediaries in the distribution chain, it’s important travel suppliers have assessed the feasibility of transferring this new payment data from travel agencies to their own systems.
Similarly, the airline must ensure its own Point of Sale (PoS) systems are capable of processing these new data elements, otherwise when it tries to charge for a cancellation, it won’t be able to provide the required proof to the traveler’s bank and the payment will be declined.
In the hospitality industry, it’s even more commonplace for the traveler’s card to be charged for this type of extra service after they’ve left the property, for example, if there are charges at the mini bar.
Here is some practical advice for any firms planning to use the ‘pass through’ model:
- Travel suppliers must update contracts with travel agents so they can handle SCA and MIT agreements on their behalf
- Travel agents must clearly provide the travel supplier’s MIT terms and conditions at time of booking
- Travel suppliers should map out current transaction flows with API and technology partners in the distribution chain to check they can convey the new data elements. Suppliers may need to upgrade point of sale systems so they can perform MITs.
If you’reimplementing SCA , we recommend you downloadour new report to understand readiness levels across the industry and for a concise action plan on how to tackle SCA.
*Important:where a MIT is concerned only the Secure Corporate Payment exemption may be used to avoid SCA. Other SCA exemptions e.g. customer whitelisting are not valid because a high degree of confidence must be shown to prove it is the rightful cardholder consenting to future payments.
Read in full our research report on SCA for travel payments
TO TOP