Skip Navigation

SCA Compliance Data

Staring with version v1.19.10 of the Update Reservation and Get Reservation APIs, Sabre supports Payment Service Directive 2 (PSD2) compliant Strong Customer Authentication (SCA) for payment cards.

PSD2 is a set of rules that change how consumers confirm their identity when making purchases online. The rules apply in full for card payments from 31 December 2020 in the EEA and from 14 September 2021 in the UK.

SCA support in UpdateReservation

When adding a payment card Form of Payment (FOP) to the PNR using Update Reservation, the SCA can be specified:

Sample Request:

<OpenReservationElement type="FP" displayIndex="1">    
     <or:FormOfPayment alwaysAddAsFop="true">      
         <or:PaymentCard reconcileAsCash="false" virtual="false">          
            <or:PaymentType>CC</or:PaymentType>            
            <or:CardCode>BA</or:CardCode>          
            <or:CardNumber>4487971000000006</or:CardNumber>                 <or:ExpiryMonth>--01</or:ExpiryMonth>          
            <or:ExpiryYear>2023</or:ExpiryYear>             <or:StrongCustomerAuthentication Channel="SC"
 CardNumberCollection="K" ExemptionCode="EC" MandateType="NS" OriginalPaymentRef="1234547839012345" MerchantName="TEST CREDIT CARD" T3DSAuthValue= "ABC123455533533444455555678" TAVV="ABC3434334343556677487312567" ECI="AB" DirectoryServerTrxID="ABCDEFGHI123456789012!.1234567890123" Version="12" AuthenticationIssues="AO" PurchaseAmount="1234.56" PurchaseCurrency="USD" VerificationResult="PASS" AuthenticationResult="OK"/>     
        </or:PaymentCard>  
    </or:FormOfPayment>
 </OpenReservationElement>

Notes:

  • For Travel Agencies, when alwaysAddAsFOP is true, the FOP will be added as an Open Reservation FOP element (not as 5- remark) even if the new FOP product functionality (PNAPNR TJR indicator is ON) is not enabled for the agency.
  • Only open reservation FOPs can be referenced in lodging requests. We recommend setting this flag to TRUE if the FOP will be used for reference in Lodging requests. Refer to the PSD2/SCA support for Lodging in Update Reservation section for more information.

The schema for SCA includes the following optional attributes:

Sample Schema:

<xsd:complexType name="StrongCustomerAuthentication">
    <xsd:annotation>
       <xsd:documentation>Payment Services Directive (PSD) information</xsd:documentation>
   </xsd:annotation>
   <xsd:attribute name="Channel" type="xsd:string"/>
   <xsd:attribute name="CardNumberCollection" type="xsd:string"/>
   <xsd:attribute name="ExemptionCode" type="xsd:string"/>
   <xsd:attribute name="MandateType" type="xsd:string"/>
   <xsd:attribute name="OriginalPaymentRef" type="xsd:string"/>
   <xsd:attribute name="MerchantName" type="xsd:string"/>
   <xsd:attribute name="T3DSAuthValue" type="xsd:string"/>
   <xsd:attribute name="TAVV" type="xsd:string"/>
   <xsd:attribute name="ECI" type="xsd:string"/>
   <xsd:attribute name="DirectoryServerTrxID" type="xsd:string"/>
   <xsd:attribute name="Version" type="xsd:string"/>
   <xsd:attribute name="AuthenticationIssues" type="xsd:string"/>
   <xsd:attribute name="PurchaseAmount" type="xsd:string"/>
   <xsd:attribute name="PurchaseCurrency" type="xsd:string"/>
   <xsd:attribute name="VerificationResult" type="xsd:string"/>
   <xsd:attribute name="AuthenticationResult" type="xsd:string"/>
   <xsd:attribute name="Id" type="xsd:string"/>
   <xsd:attribute name="LastUpdateTime" type="xsd:dateTime"/>
</xsd:complexType>

  • Validations are not performed by Update Reservation on any attributes. Id and LastUpdateTime do not need to be specified in the request. LastUpdateTime, if specified, will be honored.

  • Id is always autogenerated by Update Reservation after sorting SCAs by lastUpdateTime (with 1 being the earliest one). A payment card can have up to 25 SCAs. If more than 25 SCAs are specified, the most recent 25 will be retained.

The SCA may be added to or deleted from an existing Payment Card by using PaymentCardAuthenticationAction:

Add Sample Request

<stl19:ReservationUpdateList>
     <stl19:ReservationUpdateItem>
          <stl19:OpenReservationAction>
              <or114:PaymentCardAuthenticationAction fopElementId="3" op="CREATE">
    <or114:StrongCustomerAuthentication Channel="EC2" ExemptionCode= "SC2" T3DSAuthValue="78910"/>
                </or114:PaymentCardAuthenticationAction>
          </stl19:OpenReservationAction>
     </stl19:ReservationUpdateItem>
</stl19:ReservationUpdateList>

Delete Sample Request

<stl19:ReservationUpdateList>
    <stl19:ReservationUpdateItem>
       <stl19:OpenReservationAction>
           <or114:PaymentCardAuthenticationAction fopElementId="3" op="DELETE">
            <or114:StrongCustomerAuthentication Id="2"/>
         </or114:PaymentCardAuthenticationAction>
     </stl19:OpenReservationAction>
   </stl19:ReservationUpdateItem>
</stl19:ReservationUpdateList>

Note: fopElementId is the ID of the FOP Open Reservation element.

SCA support in Get Reservation

Get Reservation v1.19.10 can retrieve SCA data using the payment card's FOP, if present:

Sample Request

<GetReservationRQ Version="1.19.10" xmlns= "http://webservices.sabre.com/pnrbuilder/v1_19">
     <RequestType>Stateful</RequestType>
     <ReturnOptions>
           <ViewName>Full</ViewName>
     </ReturnOptions>
</GetReservationRQ>

Sample Response

<stl19:GetReservationRS Version="1.19.10" xmlns:stl19= "http://webservices.sabre.com/pnrbuilder/v1_19"xmlns:or114="http://services.sabre.com/res/or/v1_14">
   <stl19:Reservation numberInParty="0" numberOfInfants="0" NumberInSegment="0">
      <stl19:BookingDetails>
         <stl19:UpdateTimestamp>1899-12-31T18:00:00</stl19:UpdateTimestamp>
         <stl19:PNRSequence>0</stl19:PNRSequence>
         <stl19:DivideSplitDetails/>
         <stl19:UpdateToken>7e604ab0f9d762aa</stl19:UpdateToken>
      </stl19:BookingDetails>
  <stl19:POS AirExtras="false" InhibitCode="U">
     <stl19:Source BookingSource="A0A0" PseudoCityCode="xxxx" AirlineVendorID= "AA" HomePseudoCityCode="xxxx"
PrimeHostID="1S"/>
  </stl19:POS>
  <stl19:PassengerReservation>
    <stl19:Passengers/>
    <stl19:Segments/>
    <stl19:TicketingInfo/>
    <stl19:ItineraryPricing/>
  </stl19:PassengerReservation>
  <stl19:ReceivedFrom/>
  <stl19:Remarks>
     <stl19:Remark index="1" id="2" type="FOP" elementId="pnr-2">
       <stl19:RemarkLines>
          <stl19:RemarkLine>
             <stl19:Text>BA4XXXXXXXXXXX0006¥01/23</stl19:Text>
          </stl19:RemarkLine>
       </stl19:RemarkLines>
    </stl19:Remark>
  </stl19:Remarks>
 <stl19:EmailAddresses/>
 <stl19:OpenReservationElements>
     <or114:OpenReservationElement id="3" type="FP" displayIndex="1" elementId
="pnr-or-3">
        <or114:FormOfPayment migrated="false">
            <or114:PaymentCard reconcileAsCash="false" virtual="false">
               <or114:PaymentType>CC</or114:PaymentType>
               <or114:CardCode>BA</or114:CardCode>
               <or114:CardNumber tokenized="true" masked="true"
>4XXXXXXXXXXX0006</or114:CardNumber>
               <or114:ExpiryMonth>--01</or114:ExpiryMonth>
               <or114:ExpiryYear>2023</or114:ExpiryYear>
               <or114:StrongCustomerAuthentication Channel="EC" ExemptionCode="SC" T3DSAuthValue="123456" Id="1" LastUpdateTime="2021-01-28T09:33:07"/>
           </or114:PaymentCard>
         </or114:FormOfPayment>
      </or114:OpenReservationElement>
    </stl19:OpenReservationElements>
 </stl19:Reservation>
</stl19:GetReservationRS>

The SCA data will also be stored at the end of the current *FOP element(s).

When the credit card is added with SCA data, it will not contain other credit card elements; however, if the SCA is provided with a reference to an existing Payment Card, the credit card may contain some (or all) of the additional elements. In this case, SCA data will be included at the end of the current payment card display.

Note: SCA data is not stored in the host PNR history.

Example Host Basic Display:

FOP

FORM OF PAYMENT                                              
  1. PAYMENT CARD TYPE                                       
     VI4XXXXXXXXXXX1111/1022                           
     SCA COMPLIANCE INFORMATION
     1. AMOUNT – USD 123456.00         TIME/DATE - 1752/12JAN21

Example Host Extended Display:

FOP1/SCA1

FORM OF PAYMENT                                              
  1. PAYMENT CARD TYPE                                       
     *VI4XXXXXXXXXXX1111/1022           
     SCA COMPLIANCE DATA
     1. AMOUNT – USD 123456.00        TIME/DATE - 1752/12JAN21
  EXCEMPTION CODE - EC
  CHANNEL - SC
  CARD NUMBER COLLECTION - K
  MANDATE TYPE - NS
  AUTH TRANS ID - 1234547839012345
  MERCHANT NAME - TEST CREDIT CARD

PSD2/SCA support for Lodging in Update Reservation

Update Reservation v1.19.10 supports PSD2/SCA compliance for lodging in two ways; specify SCA data as part of the payment information in hotel sell or modify request.

When using newRef to specify a payment card as payment in the Hotel Sell/Modify UpdateRes request, SCA data can now be specified inside the payment card (optional). If more than one SCA is specified, the first one will be picked up to be passed to downline systems.

Sample Request

<stl119:UpdateReservationRQ Version="1.19.10" xmlns:or114="http://services.sabre.com/res/or/v1_14" xmlns:stl119="http://webservices.sabre.com/pnrbuilder/v1_19">
    <stl119:RequestType commitTransaction="false" initialIgnore="false"> Stateful</stl119:RequestType>
    <stl119:ReturnOptions RetrievePNR="true" IncludeUpdateDetails="true"/>
    <stl119:ReservationUpdateList>
        <stl119:ReservationUpdateItem>
            <stl119:ProductUpdate op="C">
                <stl119:Product>
                    <or114:ProductDetails>
                        <or114:ProductName type="HHL">Lodging</or114:ProductName>
                        <or114:Lodging>
                            <or114:ResGlobalInfo>
                                <or114:BookingInfo RequestorID="SG11111" CorpDiscount="CD1234567" PromotionalCode="XJKGHLDE" Email="a@b.com">                               <or114:BookingKey>sampleSuccessKey</or114:BookingKey>
                                    <or114:HotelReservationIds>
                                        <or114:HotelReservation Id="123PNR" Type="40"/>
                                    </or114:HotelReservationIds>
                                </or114:BookingInfo>
                                <or114:HotelInfo HotelCode="hotelCode" HotelName="hotelName">
                                    <or114:LocationInfo>
                                        <or114:Contact Fax="+991234567890"/>
                                    </or114:LocationInfo>
                                </or114:HotelInfo>
                                <or114:StayDateRange StartDate="2021-05-04" EndDate="2021-05-07"/>
                                <or114:Total AmountAfterTax="1000.00" CurrencyCode="USD"/>
                            </or114:ResGlobalInfo>
                            <or114:Rooms>
                                <or114:Room SegmentNumber="1" NonSmoking="false" AccessibilityInformation="3" RoomIndex="1" BedTypeCode="1">
<or114:Guests>
                                        <or114:Guest Type="10" Email="FHJQBJGT@EMAIL.COM" Age="44" Index="1" LeadGuest="true" FrequentFlyerNumber="FLY123450" LoyaltyId="LOY123450" FirstName="ZTTHNK" LastName="TDSMOCK" Title="JOECG">
                                    <or114:Contact Phone="614356854531" Mobile="541073441"/>
                                        </or114:Guest>
                                    </or114:Guests>
                                    <or114:RoomDescription Name="roomDesc">
                                        <or114:Text>roomDesc</or114:Text>
                                    </or114:RoomDescription>
                                    <or114:RatePlan RatePlanCode="123"/>
                                    <or114:SpecialInstructions>
                                        <or114:SpecialInstruction>Ocean view</or114:SpecialInstruction>
                                        <or114:SpecialInstruction>Bring only plates</or114:SpecialInstruction>
                                    </or114:SpecialInstructions>
                                </or114:Room>
                            </or114:Rooms>
                            <or114:SpecialInstructions>
                                <or114:SpecialInstruction>Another special Instructions with length exceeding 127 signs to check if constraint works properly and cuts test in right here and this is not seen.</or114:SpecialInstruction>
                            </or114:SpecialInstructions>
                            <or114:PaymentInformation Type="GUARANTEE">
                                <or114:FormOfPaymentReference newRef="9"/>
                            </or114:PaymentInformation>
                            <or114:POS>
                                <or114:Source AgencyName="TDSKit agency" ISOCountryCode="US" PseudoCityCode="61N1">
                                    <or114:RequestorID Type="5" Id="12345678" IdContext="IATA"/>
                                    <or114:AgencyAddress>
                                        <or114:AddressLine1>Wadowicka 6</or114:AddressLine1>
                                        <or114:AddressLine2>Entrance D</or114:AddressLine2>
                                        <or114:AddressLine3>Phone:345-345-345</or114:AddressLine3>
                                        <or114:CityName CityCode="KRK">Krakow</or114:CityName>
                                        <or114:StateProv StateCode="MP">malopolska</or114:StateProv>
                                        <or114:PostalCode>33-200</or114:PostalCode>
                                        <or114:CountryName Code="PL">Poland</or114:CountryName>
                                    </or114:AgencyAddress>
                                    <or114:AgencyContact Phone="9889-8231-1231" Mobile="333 333 999" Fax="234-234-234"/>
                                </or114:Source>
                            </or114:POS>
                        </or114:Lodging>
                    </or114:ProductDetails>
                </stl119:Product>
</stl119:ProductUpdate>
        </stl119:ReservationUpdateItem>
        <stl119:ReservationUpdateItem>
            <stl119:OpenReservationElementUpdate id="9" op="C">
                <stl119:OpenReservationElement id="9" type="FP">
                    <or114:FormOfPayment>
                        <or114:PaymentCard reconcileAsCash="false">
                            <or114:PaymentType>CC</or114:PaymentType>
                            <or114:CardCode>BA</or114:CardCode>
                            <or114:CardNumber tokenized="false" masked="false">4487971000000006</or114:CardNumber>
                            <or114:ExpiryMonth>--12</or114:ExpiryMonth>
                            <or114:ExpiryYear>2022</or114:ExpiryYear>
                            <or114:StrongCustomerAuthentication Channel="SC" CardNumberCollection="K" ExemptionCode="EC" OriginalPaymentRef="1234547839012345" MerchantName="TEST CREDIT CARD" MandateType="NS"/>
                        </or114:PaymentCard>
                    </or114:FormOfPayment>
                </stl119:OpenReservationElement>
            </stl119:OpenReservationElementUpdate>
        </stl119:ReservationUpdateItem>
        <stl119:ReceivedFrom>
            <stl119:Name>LodgingPSD2</stl119:Name>
        </stl119:ReceivedFrom>
    </stl119:ReservationUpdateList>
</stl119:UpdateReservationRQ>