Larry Mogelonsky
Apr 8, 2022

The 3 Domains of Protecting Hotel Payments and Revenues

The 3 Domains of Protecting Hotel Payments and Revenues

Larry Mogelonsky
Apr 8, 2022
Payment | Technology

With so many difficulties from the pandemic still playing out in the hospitality industry, the 2022 calendar year will mark a dedicated stretch of time for continuing to streamline processes and staying lean on the labor front while increasing productivity.

This means automating wherever possible, simplifying the daisy chain of enterprise software, deploying better tech to help augment guest services and finding creative ways to keep costs down amid still-ambiguous demand forecasts.

There’s a lot you can do to fit these lofty goals, but where should you start? New advances within the payment industry touch on all of these aspects with immediate applicability, so it’s worthwhile to see how the latest and greatest can help a hotel property. In particular, we emphasize that many of these developments represent “low hanging fruit” – relatively frictionless business upgrades that will elicit incremental cost savings and productivity gains. They represent a quick win to give your organization some buffer to tackle large-scale projects.

At the forefront of the payment world is a concerted effort to rein in fraud, which hurts both the merchant and the processor. This involves rolling out additional layers of credit card verification and transaction flexibility. When you tally all the expenses associated with a fraudulent reservation, from room opportunity cost to cleaning costs, representment costs, processor penalties and so on, a single case can amount to roughly 250% of the total booking value. A key practice to help fight this — and one that requires a full explanation and a discussion on the bigger picture of payment evolution — is three domain secure or 3-D Secure (3DS).

How 3DS Works

This protocol isn’t revolutionary. It’s been in use and standardized for Europe, Africa, Australia and Russia for almost two decades in some territories. But it’s soon set to take hold of the North American market. This will breathe new life into the prospect of 3DS as a global standard, as well as what’s deemed a passing grade by payment card industry data security standards (PCI DSS) to, in turn, prevent interchange rate hikes.

Without getting into all the different acronyms and definitions for the payment industry (which are legion), what the three domains refers to are the broad-level delineations of parties involved to authorize payments and move funds over:

  1. Merchant (in this case a hotel), acquiring (merchant’s) bank and payment gateway
  2. Cardholder and issuing (cardholder’s) bank
  3. Interoperability network, such as a credit card processor

In the current system, payments are verified within the first and second domains this way: The payment gateway interacts with an internet-based access control server. It then separately parlays with the third domain to authorize the release of the funds from the cardholder’s account. With 3DS, customers at a merchant’s payment terminal are automatically brought to an issuer’s internal verification portal. They must insert a distinct user authorization key or text-delivered, one-time password to complete the transaction.

This extra step helps shift the burden of liability for fraudulent payments from the merchant to the issuing bank. Genuine fraud, or the unauthorized use of a card, is inordinately minimized. Friendly fraud, or claiming a chargeback after services were adequately rendered, is also somewhat thwarted. Significantly for our industry – where many hotels have recently become prime targets for fraud – this means relief that isn’t immediately visible when comparing annual income statements. That’s because the aforementioned 250% of total booking value is often buried under several disparate line items.

While a hotel fraudster may gain access to a guest’s 16-digit card number, expiration date and security code, it’s extraordinarily rare that they will also know the secondary passcode required for the issuer’s 3DS verification portal. For friendly fraud chargebacks, inputting the 3DS user authorization key raises the evidential threshold necessary to prove that the merchant acted in bad faith. This increases the likelihood for the acquiring party (that’s you) to win a dispute.

The Bigger Picture in 2022

Of all things affecting the hotel industry, why home in on 3DS? Compared to all the other challenges hotels will have to confront in the coming years – post-pandemic guest expectations, new service demands requiring hefty capex and tackling climate change through sustainability upgrades, to name a few – getting your payment systems in order is a fairly simple task. And it’s a steppingstone toward successfully operating in the new normal.

To drive profitability for the rest of the 2020s, you can no longer rely on a huge topline revenue figure to pad your gross profit and net operating income (NOI). All the recent COVID-19 variants have demonstrated just how quickly out-of-the-red occupancy targets can disintegrate — aided by exceptionally lenient cancellation policies which also aren’t going away anytime soon. Instead, the decade ahead will be defined by leaner, turnkey operations – fewer team members on hand to complete repetitive tasks and mandating more productivity from those that remain.

The only way forward is through automation. This will help hoteliers maintain a healthy NOI while occupancy forecasts in key segments remain at their respective nadirs or, worse, are one big question mark. Some hotels have already discerned ways to buoy profits and service debt with peak-period occupancies in the 25% to 40% range. This also renders them somewhat immune to the stubborn labor shortage challenges that will continue to plague us for at least the next few business cycles.

Your front office team no longer has the time to manually transfer payment cards from a gateway into the property management system (PMS). And by the way, this action is in breach of PCI compliance standards. Likewise, your accountants don’t have time to prepare documentation to properly dispute upward of 5% of all room reservations. Thirdly, with erratic revenue projections and opaque forward-looking travel demand data, you can no longer afford to incur fraudulent charges (sometimes docked as negative revenues) or have your processing fees go up – even by a few basis points – because the latest PCI DSS covenants deem you, the merchant, have been as high risk.

The Future of Payments

The broader theme behind our push for 3DS adoption is that its implementation will ultimately help reduce direct costs, administrative time and negative revenues. With this heightened level of transactional security also comes the flexibility to enact further upgrades to your payment ecosystem.

First up is 3DS2. It attempts to solve the friction induced by requiring a second password inserted into a separate frame prompted from the issuer. It only requires one when a challenge algorithm reviews the guest’s payment history and other contextual data then deems a transaction to be high risk. As well, this contemporary version allows developers to keep the auxiliary passcode wholly with a hotel’s branded app and not disrupt the (mostly mobile) guest experience.

The next big phase will be doing all this while eliminating the physical payment card itself. Many payment platforms capable of handling 3DS2 customer pass-throughs are similarly adept at facilitating transactions straight from a digital wallet. This technology verifies transactions based on what a customer has (phone) and is (face scan or thumbprint) and not necessarily what the customer knows (password). Think Apple Pay, Google Pay, WeChat Pay and a host of other mobile payment services.

And let’s not even get into where cryptocurrencies fit into all this! The bottom line is this: The sooner you upgrade your hotel’s payment apparatus, the sooner you can start cushioning your NOI then move on to solving far tougher challenges. In this sense, 3DS or 3DS2 is a fantastic first step for 2022.


Larry and Adam Mogelonsky are the owners of Hotel Mogel Consulting Limited, focusing on strategic planning, asset management, operations, sales and marketing, and technological implementation. As writers for the hospitality industry, their work includes six books as well as speaking engagements around the world. You can reach Larry at or Adam at to discuss hotel business challenges or to book speaking engagements.

Let's Get Digital

7 Questions to Ask Before You Invest in a Hotel Mobile App


Make a Better PMS Choice!

Not all properties are ready for PMS in the cloud. The good news is, at Agilysys it’s your choice on your timing. State-of-the-art leading PMS in the cloud or on-premise PMS. Either way we say YES.