Corporate Lodge & Virtual Cards Are Exempted from Final European Payment Security Rules, but Challenges Remain for Plastic Cards

The European Commission has exempted corporate payments from its finalized requirements for payment security authentication. In so doing, the commission resisted vehement opposition from the European Banking Authority.

Travel and payment representatives, though, had campaigned hard to keep the exemption. Without it, they said, lodge cards in particular would have become unworkable. "This is a success resulting from industry lobbying," said AirPlus International CEO Patrick Diemer.

The European Union's Revised Payment Services Directive, or PSD2, is introducing strong customer authentication for payments, but the European Commission's finalized requirements effectively exempt virtual card, lodge card and corporate pay corporate cards from SCA.

The news will come as a particular relief to Nordic travel buyers. The region's four travel management associations estimate 95 percent to 97 percent of their members' air bookings through travel management companies are settled via lodge cards. Finnish Business Travel Association managing director Sari Viljamaa said: "It's good news this won't be extended to B2B transactions, but I am still a little worried that there will be room for national legislators to make their own interpretations."

However, individual pay cards, which have been treated as consumer cards since the EU Interchange Fee Regulation took effect in 2015, are effectively excluded from the exemption. "Lodge cards, virtual cards and corporate cards with corporate pay are fine, but SCA still is required for plastic cards [that] don't fall under the exemption," said Diemer. Some corporate travelers have either individual pay corporate cards or even personal cards within the profiles TMCs use to make bookings on their behalf. In such cases, said Diemer, SCA will be required in order to complete payment. The same goes for leisure bookings. Conferma director of strategic relationships Paul Raymond agreed with Diemer. "We need to prepare for SCA anyway, so we are looking to see if there is a secure, easy way to do this," he said.

AirPlus is creating a working group of card companies, global distribution systems, travel management companies and other relevant parties to figure out a mutual approach to SCA. The group will meet in Germany for the first time this month. "The industry needs an industrywide solution," said Diemer. "We should have one procedure for everyone."

The best option seems to be trusted beneficiaries, better known as "white-listing," by which the customer nominates payees that can bypass SCA. "Even a white list requires technical development," said Diemer, but unhelpfully vague wording in the European Commission's final regulatory text makes it unclear whether trusted beneficiaries would be permitted for corporate payments. "If it's not allowed, we need to change procedures. There are various ways we can think of, all of which are unhelpful," Diemer added.
Diemer expects the new SCA requirements to drive more European travel programs toward unequivocally non-consumer payment mechanisms like lodge cards. Raymond predicted that virtual cards, which are tied to a centrally billed account, will gain the most. "Virtual cards lend themselves more readily to SCA because they are single transactions which can be related to an individual," he said.

The European Parliament and the European Council of member states must confirm the standards, which will take around 18 months to become law.