Overview
The European Union has reached a provisional agreement on the Third Payment Services Directive (PSD3) and the accompanying Payment Services Regulation (PSR). For travel merchants operating in Europe, these new rules bring significant changes to fraud liability, authentication requirements, and how payment service providers (PSPs) must handle customer transactions. The legislation was agreed upon on November 27, 2025, with final adoption expected in the first half of 2026.
What PSD3 Means for Travel Businesses
Travel merchants face unique payment challenges: high transaction values, advance bookings, cross-border complexity, and elevated fraud risk. PSD3 addresses these pain points through several targeted measures that directly impact how travel businesses process payments and manage customer relationships.
Stronger Fraud Prevention Requirements
Under PSD3, payment service providers must add robust fraud prevention mechanisms or face liability for customer losses. Key requirements include:
- Name verification: PSPs must check that a payee’s name matches their unique identifier. If discrepancies exist, the payment must be refused.
- Mandatory risk assessments: All PSPs must conduct regular risk evaluations of their payment systems.
- Spending limits and blocking tools: Customers can now request spending caps and transaction blocking features from their banks.
- Suspicious transaction freezing: Receiving PSPs must freeze transactions they deem suspicious until verification is complete.
For travel merchants, this means more payment friction but potentially lower chargeback rates. The European Parliament emphasized that banks will now share more of the fraud burden when they fail to add proper safeguards.
Impersonation Fraud Protections
Travel booking scams often involve fraudsters posing as airline or hotel representatives. PSD3 introduces specific protections for impersonation fraud: if a scammer pretends to be a PSP employee and tricks a customer into approving a payment, the PSP must refund the full amount provided the customer reports the fraud to police and notifies their bank.
This shifts liability away from individual merchants in many scam scenarios, placing responsibility squarely on payment providers.
Platform Liability for Fraudulent Content
Online platforms where fraudulent travel listings or phishing content appears now face direct liability. If platforms are informed of fraudulent content and fail to remove it, they become liable to PSPs who have reimbursed defrauded customers. This builds upon the existing Digital Services Act framework and should help reduce fake travel listings on major booking platforms.
Transparency and Consumer Rights
Mandatory Fee Disclosure
PSD3 requires PSPs to inform customers about all charges before payment initiation. This includes:
- Currency conversion charges
- Fixed fees for ATM withdrawals
- Any other payment-related costs
For travel merchants offering multi-currency pricing or payment plans, ensuring your PSP complies with these disclosure requirements will be essential to avoid transaction abandonment.
Human Customer Support Requirement
A notable win for consumers: PSD3 mandates that payment service users must have access to human customer support, not just chatbots. When travel disruptions occur and customers need urgent payment assistance, this requirement ensures they can reach a real person to resolve issues.
Open Banking and Competition
PSD3 aims to level the playing field between traditional banks and fintech payment providers. The directive reduces barriers for open banking services by:
- Preventing banks from discriminating against account information and payment initiation services
- Requiring banks to provide payment institutions with non-discriminatory access to payment accounts
- Mandating user dashboards where customers can monitor and manage data-sharing permissions
For travel merchants, this should expand payment options and potentially reduce processing costs as more fintech competitors enter the market.
Cash Access Improvements
Recognizing that cash remains important for travelers, particularly in remote areas, PSD3 allows retail stores to offer cash withdrawals between €100 and €150 without requiring a purchase. This benefits tourists who need local currency without hunting for ATMs.
Timeline and Implementation
The provisional agreement was reached on November 27, 2025. The final texts must be formally adopted by the European Parliament and Council before coming into force. Industry experts anticipate publication in the Official Journal of the European Union in the first half of 2026, with implementation timelines to follow.
Travel merchants should begin conversations with their payment providers now to understand how they are preparing for PSD3 compliance.
Key Takeaways
- PSP liability for fraud increases significantly if proper prevention mechanisms are not in place
- Travel merchants benefit from reduced liability in impersonation fraud cases
- All payment fees must be disclosed transparently before transaction completion
- Human customer support becomes mandatory for payment service providers
- Open banking expansion should increase payment competition and options
- Implementation expected in 2026; preparation discussions should begin now
Sources: European Parliament, William Fry, Powens
