Revised Payment Services Directive (PSD2) Info

Beginning March 2021, Hilton will support PSD2 requirements.

The Revised Payment Services Directive (PSD2) is based on European Union directives requiring travel partners who meet certain conditions to support strong customer authentication.
If you are a travel partner who sends Hilton retail bookings that meet the criteria below, your interface is expected to support PSD2 and send the necessary fields on booking requests to Hilton.

  • The booking is for a Hilton property located in the European Union/UK,
  • The issuing bank of the credit card is within European Union/UK, and
  • The customer entered the credit card information. Merchant bookings and virtual credit cards do not apply.

If all of the above are true, the travel partner booking interface should handle Strong Customer Authentication (SCA). The resulting authentication response (SCA) data should then be passed to Hilton within the SecureCustomerAuthenticationInfo object on the DCRes JSON request.

Commonly Asked Questions

Do I need to pass in SCA elements on a modify request?
Yes. When the booking amount changes from the previously authenticated amount, a new SCA is required. For modifies that do not require rate changes, such as updating reservation comments, the original SCA should be passed in.

What happens if I do not pass in SCA elements for a booking that falls within PSD2 directives?
If authentication elements are not passed to Hilton, the booking should still succeed, although it may be more difficult for the property to charge.

When passing SCA elements do I need to populate all SecureCustomerAuthenticationInfo elements supported by Hilton?
While all fields in the SecureCustomerAuthenticationInfo JSON object are optional, it is recommended that you accurately populate as many as possible based on what your interface can support. Your interface may also support SCA fields beyond what Hilton has defined within the SecureCustomerAuthenticationInfo JSON object. The additional fields can be left unmapped, as Hilton does not require them.

Can Hilton reject a booking due to data passed within SCA elements?
If the SCA elements passed meet the regex pattern found within the DCRes JSON swagger, the request should not fail. While the SCA elements are expected to follow the ‘Accepted Values’ column in the table below, Hilton will not fail the request as long as it meets the JSON regex.

If you are a consumer of Hilton’s DirectConnect API and have further questions regarding Hilton’s support of PSD2, please reach out to your point of contact at Hilton.

Below is an overview of the Secure Customer Authentication elements that Hilton supports. Exact details of the SecureCustomerAuthenticationInfo object are found within the swagger here.

| Field Name | DirectConnect Res JSON Field | Accepted Values | Sample Data |
| --- | --- | --- | --- |
| Electronic Commerce Indicator | eCommerceIndicator (type: string) | 01, 02, 03, 04, 05, 06, 07, 08, 09 | 05 |
| Cardholder authentication verification value/cryptogram | cavv (type: string) | Base 64 encoded string | AQIDBAUGBwgJCgsMDQ4PEBESExQ= |
| Unique transaction identifier (3DSv1: xid, 3DSv2: dsTransID) | transactionId (type: string) | Alpha-Numeric (dsTransID) or Base 64 encoded (xid) string | ODgzNTk4MzA3NTE3MDIySAAAAAA=; 40a89da0-3cff-4ef4-9a11-b9eef70cec79 |
| Indicates the 3DS authentication status (3DSv1: PARes Status, 3DSv2: TransStatus) | threeDAuthenticatedResponse (type: string) | Y (Success), N (Failure), U (Unavailable) | Y |
| 3D Secure version | threeDSVersion (type: string) | 1 (3DSv1), 2 (3DSv2) | 1; 2; 2.1.1 |
| Indicates directory transaction qualification/account verification | threeDOfferedResponsetype (type: string) | Y (Success), N (Failed), U (Unavailable), A (Attempted), C (Challenge Reqd), R (Rejected) | C |
| Specifies the Exemption Code (2 characters) & CAVV algorithm (single digit) that was used for authentication | cavvAlgorithm (type: string) | Exemption Codes: LV (Low Value), SC (Secure Corporate), TB (Trusted Beneficiary), TR (Transaction Risk Analysis), DA (Delegated Authentication), AO (Authentication Outage) | SC0; LV1 |
| Network transaction / Trace ID. Internal ID not likely to be necessary for most third parties | networkTxnRefTraceId (type: string) | Alpha-Numeric string (length varies by card scheme) | MCC8645257566 |
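
Because Hilton does not fail a request whose SCA values stray from the Accepted Values column, a partner only catches such mistakes by checking before sending. The following is an added example, not Hilton's code and not the swagger regex (which this page does not reproduce): a partner-side check of the three PSD2 criteria and of a SecureCustomerAuthenticationInfo object against the table above. The function names, the hyphen allowance for dsTransID, the dotted threeDSVersion form and the combined cavvAlgorithm form are assumptions drawn from the Sample Data column.

```python
import base64
import re


def is_base64(value):
    """True for a non-empty string that is strictly valid Base 64."""
    try:
        base64.b64decode(value, validate=True)
        return bool(value)
    except (TypeError, ValueError):  # binascii.Error is a ValueError
        return False


def matches(pattern):
    return lambda value: re.fullmatch(pattern, value) is not None


# One check per field, transcribed from the Accepted Values column.
CHECKS = {
    "eCommerceIndicator": matches(r"0[1-9]"),
    "cavv": is_base64,
    # xid is Base 64; assumption: dsTransID may contain hyphens, as in the sample.
    "transactionId": lambda v: is_base64(v) or matches(r"[A-Za-z0-9-]+")(v),
    "threeDAuthenticatedResponse": matches(r"[YNU]"),
    # Assumption: dotted versions such as the sample "2.1.1" are acceptable.
    "threeDSVersion": matches(r"[12](\.\d+)*"),
    "threeDOfferedResponsetype": matches(r"[YNUACR]"),
    # Assumption: exemption code plus one digit, as in the samples "SC0", "LV1".
    "cavvAlgorithm": matches(r"(LV|SC|TB|TR|DA|AO)\d"),
    "networkTxnRefTraceId": matches(r"[A-Za-z0-9]+"),
}


def psd2_applies(property_in_eu_uk, issuer_in_eu_uk, customer_entered_card):
    """SCA is expected only when all three criteria listed on the page hold."""
    return bool(property_in_eu_uk and issuer_in_eu_uk and customer_entered_card)


def check_sca(info):
    """Names of present, Hilton-defined fields outside the table; extras ignored."""
    return sorted(name for name, value in info.items() if name in CHECKS
                  and not (isinstance(value, str) and CHECKS[name](value)))


# Constructed sample built from the Sample Data column.
SAMPLE = {"eCommerceIndicator": "05", "cavv": "AQIDBAUGBwgJCgsMDQ4PEBESExQ=",
          "threeDSVersion": "2.1.1", "cavvAlgorithm": "SC0"}
if __name__ == "__main__":
    print(psd2_applies(True, True, True), check_sca(SAMPLE))
```

An empty list from check_sca means every populated field matches the table; missing fields are never reported because all of them are optional.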