Travel & Hospitality: Indirect Sales Transactions

Payvision_PSD2 Making complicated security regulations straightforward

SCA compliance

For travel and hospitality businesses, major card schemes have outlined additional guidelines to avoid declining your indirect sales transactions. Learn more about this below. 

How does SCA impact Indirect Sales Transactions?

As national regulators prepare to enforce Strong Customer Authentication (SCA) for indirect sales transactions, major card schemes are outlining some options for travel and hospitality merchants to avoid declines when it comes to online booking transactions performed via third parties.

In an indirect sales model, different entities are involved in the online booking and the subsequent payment. An online booking may lead to one or more payments of varying amounts and spread over an extended time. As a way to avoid declines, major card schemes have outlined rules to consider all subsequent payments as Merchant Initiated Transactions (MITs).


Example of an Indirect sales transaction:

A hotel’s (merchant) accommodation (service) is often sold by a tour service (third party) to travelers (cardholders). Travelers book and pay for their accommodation to the tour service, instead of to the hotel directly, in three installments leading up to the holidays.


What are Merchant Initiated Transactions (MITs)?

MITs are a single, or a series of transactions that are for fixed or variable amounts – initiated at fixed or variable intervals – subject to an agreement set up between the merchant and the cardholder. The agreement is made during the first transaction a cardholder has authenticated and gives the merchant permission to initiate future transactions without the cardholder’s direct involvement.

Read more about PSD2’s allowances and requirements for MITs here and how to avoid transactions being soft-declined due to lack of SCA.


Why are MITs necessary in an Indirect Sales Transaction?

Merchants need enough data to be able to provide “proof of authentication” as the transaction goes through various touchpoints with different entities (between booking and final payment) in an Indirect Sales Transaction. As such, PSD2 requires that third-party agents present an MIT agreement to the cardholder at the time of online booking in order to comply with SCA.

To that end:
  • Merchants must ensure they upgrade their payment processing systems to provide proof of authentication for Indirect Sales Transactions.
  • Merchants are responsible for putting in place or updating contractual agreements with the third-party agents they partner with to confirm that an MIT agreement is presented to the cardholder at time of booking (before the payment is authenticated).

Additionally, the terms and conditions of the agreement must be clearly outlined, with SCA being guaranteed once the MIT agreement is confirmed.

We highly recommend that merchants action these requirements before the enforcement deadline of January 1, 2021, as all Indirect Sales Transactions without proper SCA compliance are likely to be soft-declined from then onwards. There are however a few exceptions, which are detailed below.


What happens in the interim period?

During the period where the merchant has not yet obtained adequate “proof of authentication” when initiating the MIT, the onus is on the merchant to flag such transactions as MIT.

If MITs are not flagged properly, issuers will soft-decline the transaction due to the lack of SCA compliance. To avoid such declines until systems are upgraded, major card schemes are allowing the following options:


Merchants can flag MITs as out of scope with the Mail Order or Telephone Order indicator with a value of 2 in the “Merchant Account Type” field; if your current configuration does not allow this option, reach out to us at Payvision and we can arrange for an update.


Merchants can flag the MITs as out of scope using a dummy Trace ID in the “Additional Information, SchemeTransactionID” field. The dummy Trace ID should have the below format:

  •  Positions 1–3 = “MCC”
  •  Positions 4–9 = “999998"
  • Positions 10–13 = “1231”
  • Positions 14–15 = blank filled
In case the standard MIT protocols cannot be implemented by 1 January 2021, merchants will be allowed to keep using the Mail Order or Telephone order indicator via the “Merchant Account Type” field until the implementation is completed, provided that SCA was performed as per PSD2.

Merchants must be aware that authorization approval rates may be affected by the MIT indication and absence of proof of authentication. Travel & Hospitality sector businesses can be identified through the following MCCs:
  • Airlines & Air Carriers - MCCs 3000 through 3350 and 4511
  • Lodging - MCCs 3501 through 3999 and 7011
  • Car Rentals - MCCs 3351 through 3500 and 7512
  • Cruise Lines - MCC 4411
  • Travel Agencies - MCC 4722
  • Railways and railroads - MCC 4112 and 4011
  • Vacation Rental - MCC 6513
  • Bus Lines - MCC 4131
  • Ferries - MCC 4111

Do you need more information?

Please reach out to your dedicated Account Manager, or the Payvision support team via