WuBook_logo.svg

Official blog

Search

MOTO operations: risks and contraindications of manual PAN

Dear WuBookers,
as anyone who has been running a property for a while knows, “card not present” transactions (i.e., in the absence of the customer) have been strongly discouraged by European regulation for the past few years. Indeed, the regulations aim to protect buyer and hotelier from the possible – and unfortunately frequent – risks related to so-called manual PAN. Let’s review them together, analyzing how they can be avoided also thanks to the application of the so-called PSD2.

What is manual PAN and what is meant by MOTO transactions.

Let’s start by unraveling some acronyms: MOTO refers to transitions that occur via POS as a result of an order received by mail or telephone (the acronym stands for “Mail Order / Telephone Order”). These transactions require the hotelier to manually register the guest’s credit card when the guest is not physically present at the hotel. The concept is thus associated with manual PAN, where the PAN (Primary Account Number) is the typically 16-digit number found on the front of payment cards.
In other words, whenever a manager receives a customer’s card information to make a remote charge, we are dealing with a MOTO operation.

All the risks of manual PAN

Seemingly very convenient, manual PAN carries several risks for guests and hoteliers. The first concerns the proper handling and storage of the data by the hotelier, who will have to make sure to carefully protect the information captured to avoid incurring penalties or causing unintentional harm to the customer.
Then it is not certain that the bank will authorize the transaction, especially if it is a European institution, where PSD2 (which we will discuss in a moment) applies.

The customer themselves could also disallow the charge, as it occurred in their absence. In the event of a dispute, it is up to the property to produce the necessary documentation to prove that the transaction took place with the card owner’s consent, averting the risk of a claim for reimbursement (“chargeback”). An eventuality that could cause quite a few difficulties, especially if the order was placed by telephone, and give rise to recurring fraud attempts against the hotel.
Also to prevent this from happening, ad hoc legislation was introduced in Europe a few years ago to protect merchants and buyers when remote payment occurs: the PSD2.

PSD2 and SCA: standards and requirements to ensure secure payments

The full name is “Payment Services Directive 2,” but it is better known by the abbreviation PSD2 and aims to make digital payments more secure.

Among the new features introduced by the decree is SCA, which stands for “ Strong Customer Authentication”.
Unlike the classic manual PAN, in which it was sufficient to have the card number, SCA requires the additional use of at least 2 of the following:

  • PIN or password, which is a code that only the customer knows; 
  • phone number or token for generating codes in the possession of the customer; 
  • fingerprint or facial recognition, which is biometric information that identifies the customer using special tools. 

Without any of these requirements, the transaction may fail, especially in the case of credit cards pertaining to banks in the European territory. 

Payment types involved by the SCA

As anticipated, the SCA covers all payments that occur remotely, regardless of their type and sales channel.
Subject to the strong authentication are, for example: early payments (such as down payments and deposits) or pre-authorizations functional to the reservation, including any balance before arrival at the property.
Transactions related to cancellation or no-show penalties must also follow these criteria.

The same applies to expenses due to damage or extra consumption, which can be found at the time of check-out or after the guest has left the property. In the latter case, it is best to follow the pre-authorization procedure, having the guest approve it while he or she is physically in the property. 

Logically, the SCA does not apply to walk-ins or in the presence of the guest, however, as these are not remote transactions: under these circumstances, it is sufficient to use the POS.
But how to handle payments efficiently and securely, in accordance with current regulations?

PMS and payment gateways: the right combination for secure payments

Excluding the manual PAN and acknowledging the need to comply with the current law, it is worthwhile to equip oneself with two fundamental tools that can be integrated with each other: one (or more) payment gateways and a good hotel PMS. Let’s go in order.
A payment gateway is a technological system for brokering electronic transactions. Platforms such as Nexi, Stripe or PayPal, to name a few, provide a secure environment in which to handle payments through various methods such as credit card, debit card or virtual wallet. They usually charge fees related to the number of transactions carried out within them, but the benefits are numerous: ensuring greater security for both the payer and the recipient thanks to cryptographic and fraud detection systems; speeding up the operations of the reservation office, which no longer has to deal with manual records and data storage; and eliminating the risk of chargebacks. 

Furthermore, payment gateways can be adopted for both direct reservations (via booking engine, electronic quote or booking link) and indirect reservations (occurring, for example, on OTA portals).

How to incorporate them into one’s operations? For example, by adopting a hotel PMS that provides for their integration. Zak, WuBook’s hotel management software provides 4 methods of assurance: 

  • pre-authorization, which is the “freezing” of a certain amount for a certain number of days; 
  • Authorization by the customer for a later charge; 
  • payment by bank transfer;
  • immediate online payment. 

All guarantee methods are supported by the most common payment gateways to facilitate guests and managers by ensuring smooth, efficient and secure transactions.
In addition to this, for non-EU customers, card details can still be requested and imported to Zak.

In most cases, manual transactions are now a distant memory, and technology offers quite a few solutions – far more reliable! – to carry out financial transactions with peace of mind and in accordance with current law.

About WuBook:

We help customers to have easy access to the best technologies in the tourism industry to grow their business.
PMS – CHANNEL MANAGER – BOOKING ENGINE for Hotel, B&B, Hostels and Vacation rentals.
Find out more.

Categories:

Join over 22,000 establishments increasing their business with WuBook!

Integrated Property Management System, Booking Engine and Channel Manager.
Let’s start together – We help you – No restraint

Try WuBook for free

Copyright © 2025  WuBook Official blog. All rights reserved. | Privacy Policy