Cardholders are now required to use “strong authentication” when booking accommodation on the internet. 


In January 2021, new regulations came into effect regarding the handling of credit card data. 

What this means is that cardholders are now required to use “strong authentication” when booking accommodation on the internet. When card details are entered, the user is asked for a confirmation number which is sent by SMS. 


Godo does not store any credit card data.  We use a third-party credit card store, PCI Booking, which specializes in the storing and handling of credit card data. All charges from within Godo go through PCI Booking.


What changes when using 3DS authentication is that, along with the encrypted credit card data, a special encrypted code is saved with the card data. In all transactions with the card, this code is sent with the card details to the payment provider who can then determine if the code is legal and either allow or block the transaction.


3DSecure, or PSD2 as the regulations are called, was passed by the EU on September 14. 2019 and went into full effect on January 1. 2021. The three Icelandic payment providers, Rapyd, SaltPay, and Valitor, were allowing charges to pass without 3DS for two extra months but as of March 1., they have started to block cards that lack 3DS. 

If a booking has been made before the new regulations took place and it still hasn’t been charged, it might be necessary to ask for the card details again from the guest via a payment link.