• Text here
  • Text here
Back to the blog

Guide to dematerialised and secure payment in the hotel industry

Which hotelier has never had problems with unpaid bills? The hotel industry is one of the only services to offer the payment phase after the service has been completed, a very old habit which nevertheless causes problems for some establishments. Between fraud, payment disputes and high commission rates, how can payment be made as secure as possible without adding friction to the customer's experience or constraints to operational work?


A dematerialised payment allows a payment transaction to be carried out without using a physical card at the time of the transaction. One of the primary interests of dematerialised payment is therefore sanitary, as it avoids the physical exchange of objects (payment terminal, bank card, receipt, etc.), which made sense when the Covid-19 appeared.

Digital payment also increases guest satisfaction and your teams' productivity. A wait at the reception desk is never time well-spent, even less so under the current special circumstances, where crowded environments can be anxiety-provoking for guests. All procedures that can be carried out by the guests in advance of check-in or check-out are worth doing, and this does not just concern payment but also the reservation of additional services, the signing of the registration form, etc.  

Dematerialised payment also makes it easier to manage late arrivals and early departures. As the payment phase or the retrieval of payment information is difficult to manage if the hotel does not have a 24-hour reception, it is worthwhile to dematerialise the process.


A Payment Service Provider (PSP) is necessary for any dematerialised payment: it is the intermediary between the buyer's bank (the hotel's customer) and the merchant's bank (the hotel). The PSP will manage the payment flow and ensure the security of the transfer.


Using an Electronic Payment Terminal, it is possible to carry out a "Distance Selling" which consists of entering the customer's card number on the Eftpos terminal to collect it.

This practice has existed for a very long time and was introduced by historic mail order brands such as La Redoute which allowed customers to pay from home. It requires a distance selling contract between the hotel and its bank. This contract is not usually paid for, but it defines the commissions that will be charged according to the type of card used for payment (rate of between 0.3% and 0.6% and higher for foreign bank cards and certain corporate cards).

The use of VAD payments is quite common in the hotel industry when guests have, for example, not passed through the reception during check-out or have not come to the hotel at all (no-show guests).

However, this type of payment is very easily disputed by the customer. And the reason is simple: there is no proof that the customer actually made the payment.


The payment gateway is the digital version of the physical Eftpos terminal, and therefore also requiresa secure distance selling contract (VADS) between the hotel and its bank. In addition to the commissions charged for each payment (the same as for VAD payments), there are thesubscription and fixed costs of the virtual EPOS provider (between €30 and €60/month and between €0.05 and €0.1 per transaction).

Some examples of payment gateways: PayZen, Paybox, Payline but also the gateways proposed by banks such as Monetico (Crédit Mutuel - CIC), SogeCommerce/Sogenactif (Société Générale), Systempay (Banque Populaire, Caisse d'Epargne), Click&Pay (Crédit du Nord)...


This type of solution can be defined as a mix of a bank and a payment gateway. It is a third party financial organisation that collects the payment from the customer and then transfers it to the hotel.

This solution does not require the hotel to enter into a contract with its bank, the VADS contract is provided in the offer of this type of provider. However, this results in higher commissions as these include a variable and a fixed fee for each transaction. The funds collected by the solution are transferred to the hotel's bank account on D+X.

Well-known examples are PayPal, Stripe, PayGreen, Adyen, Mollie, Lyra Collect, HiPay.

The advantage of having payments made through a payment gateway or an all-in-one solution is that you can be sure of receiving the payment, unlike payment by VAD.

All-in-one solutions are less common than payment gateways because bank transaction fees are low in France. Their fees are higher than those of the banks, so they are less competitive than payment gateways. In other countries, online payment is not managed by banks but by private acquirers, and all-in-one payment solutions are much more widespread.

Summary of dematerialised payment solutions


In the hotel industry, it is common practice to make a pre-authorised bank transfer on arrival. This is a way of ensuring that the guest will be able to pay for their stay and any extras.

At the end of the stay, the hotel may offer the guest the option of simply debiting their card for the exact amount of the stay.

This mode of operation can be carried out physically (on the Reception's Eftpos terminal) or online (carried out by the customer on their mobile).

In order for a pre-authorisation or payment (dematerialised or physical) to be perceived by the hotel, the bank card used for the payment must be associated with a "strong" authentication of the customer: either a secret code for a payment on a TPE or a 3D Secure authentication for an online payment.


A bank pre-authorisation is a bank guarantee that allows the hotel to "reserve" a given amount on the guest's account to be paid later.

Without action on his part, the hotel has the right to deduct this deposit for 7 days. After this period, the amount is released. The timing is therefore important, as this authorisation is cancelled after these 7 days.

The hotel should also bear in mind that the guest's ability to pay will be reduced by the amount of the pre-authorisation, which can be problematic for their stay. It is therefore advisable for the hotel to make a pre-authorisation on an amount calculated as close as possible to the total amount and to use the pre-authorisation when the guest leaves to release any surplus as soon as possible. The deposit can be released in full if, for example, the guest pays for his stay by another means (e.g. cash).

Pre-authorisation in physical banking

The bank pre-authorisation can be set up physically when the guest arrives. They are asked to provide their bank card, and the hotel then carries out a pre-authorisation on the physical Eftpos terminal. This process requires a so-called "strong" authentication: the client physically enters his secret code. The amount is reserved on the card's payment capacity and will then be debited by the hotel at the end of the stay.

Online bank pre-authorisation

Pre-authorisation can also be done online just before the customer's arrival (the morning of arrival or the evening before). Online pre-authorisation is equivalent to pre-authorisation at the payment terminal, but it is done without physical contact and at the most convenient time for the customer. This greatly speeds up the check-in process for both guests and hotel staff.

This online pre-authorisation is just as secure as the physical mode thanks to the 3D Secure protocol (see "3D Secure authentication" below).

The amount proposed to the client for the online pre-authorisation is defined beforehand according to the specificities of the hotel and the reservation: depending on the room booked, the number of nights, the reservation channel, the amounts of the services offered by the hotel (breakfast, restaurant, etc.), etc. It is advisable not to impose an amount that is too high, which would worry the client, but not too low to cover the costs of the stay either.

Why opt for an online banking pre-authorisation

The main advantage of making the pre-authorisation online is that the entire payment is dematerialised. The guest does not have to take out their card on arrival (they have already entered their bank details and completed the pre-authorisation from home or on the way to the hotel) and they do not have to pay at reception at the end of their stay. After departure, the hotelier can debit the guest's card with one click, changing the amount beforehand if it is lower (the difference is then released to the guest's account).

This is a real time saver for the hotelier, who can manage check-ins and check-outs more easily, and for the guest, who can leave more quickly without queuing and without the tedious step of paying.

However, it is very important to inform guests about the procedure. From the moment of booking, the guest must know exactly how the arrival and stay will take place and what steps they need to take. In order to encourage guests to complete the online pre-authorisation, it is therefore necessary to make it clear what this procedure is for, that the amount will only be invoiced at the end of the stay, and that, in the current context and to ensure their comfort and safety, it is imperative that it be completed. It should also be explained to them just before their departure how they will be charged, and the total cost of their stay should be summarised.


The 3-D Secure authentication ensures that in the case of an online pre-authorisation, the guest is the originator of this authorisation and therefore guarantees the payment for the hotelier. When entering their bank card, guests are redirected to their bank's website to authenticate themselves. The most common system is the receipt of an SMS on the mobile number associated with the guest's bank card.

Authentication is considered "strong" because it is based on at least two of the following three elements: data that only the guest has (such as a telephone), data that he or she knows (such as a password) and a personal characteristic (facial recognition or fingerprint).

The 3D Secure transaction benefits froma transfer of responsibility in the event of a payment dispute to the issuing bank. The hotel therefore benefits from the payment guarantee in the event of fraud.

To date, 3-D Secure is the only way for the hotel to ensure that the online payment is received.



Yes, all manual VADs made by the hotel on the physical Eftpos terminal (e.g. in the case of a no-show customer) can result in an unpaid bill. The customer has not authenticated himself in a "strong" way, so he can contest the payment. In this case, the hotel is responsible for the outstanding amount.


Yes, it is more complicated, but the customer can declare, for example, that his card has been stolen as well as his telephone. The payment can then be contested by the client with his bank, and if the unpaid amount is validated it is borne by his bank and not by the hotel (details and conditions vary according to the bank).


The bank imprint is sometimes requested by the hotel on the guest's arrival or collected by the Booking Engine at the time of booking, to ensure that the guest is in possession of a valid card (this makes the guest responsible and reassures the hotel). The hotel thus has the card number and the name of the owner of the card in its possession, and is able to debit this card in VAD. However, the payment is not guaranteed, the ill-intentioned customer will have no trouble disputing the payment.


No, the bank pre-authorisation is fixed on a given amount which is accepted by the customer. If the amount to be debited is higher than the amount fixed by the pre-authorisation, then the difference will be debited by direct debit. In theory, the difference that will be debited in VAD can be contested by the client, but this difference will come from consumption in the hotel, and is therefore difficult to discuss.


Yes, if the card is a VISA, Mastercard, American Express or other card that has the 3D Secure protocol. 3D Secure is a standard that originated with VISA (Verified by VISA) and MASTERCARD (Secured by Mastercard), and has been adopted by other operators such as AMEX (Safe key).


The type of bank card does not affect the guarantee of payment. Even a virtual card, created specifically for a purchase and intended for one-time use, does not guarantee that the guest is the one who made the purchase. Only 3-D Secure authentication guarantees that the hotel will be paid.


A payment can be contested by the guest up to 13 months after the transaction, which is a very long time. A payment by 3D Secure authentication can still be contested by the guest, but the bank guarantees the merchant (the hotel) to be paid (the bank would bear the cost if the contestation was legitimate).

For more information on this topic, you can review our our webinar with Lyra here.

For more information:

Lyra : What is 3D Secure?
Tendance Hôtellerie: The proper use of pre-authorisation
Ferratum bank: How to stay in a hotel without a credit card?

Photo Credits: Shutterstock, Deposit photos


You may be interested in these articles

Checklist for choosing your hotel software

Checklist for choosing your hotel software

5 key topics to discuss with your future technology providers, to choose the solution that's right for you

Cybersecurity basics

Cybersecurity basics

Data leaks from hotel chains, OTAs or reservation platforms are commonplace in the field of cybersecurity, and are shaking up the entire hotel and tourism sector. All hotels are affected by this threat and can be subject to attack, even small independent hotels. The reason for this is that

LoungeUp: The employee experience in the hotel industry: how to attract and retain teams? [Part 1]
The employee experience in the hotel industry [1/3]

The employee experience in the hotel industry [1/3]

Part 1. Recruitment / How to organise yourself in the face of current human resources constraints in the hotel industry? How to recruit and retain employees?