This KLM 100 picture visualizes how I see NDC when it comes to payments, a brand new front-end working with a legacy back-end… When NDC was introduced by IATA in 2012, the payment component was not considered and frankly it feels like not much has happened since. But is this true?
Accepting payments for airline bookings in a traditional GDS environment has basically remained unchanged for the last 30-40 years. The overall majority of bookings is still paid to the airlines via “card” (major card schemes only, plastic, lodged or virtual)) or “cash” (settlement via IATA BSP/ARC clearing, the agent is the “MOR”). The original thought was that NDC transactions would abandon the GDS payment process and jump over to the airline’s direct/online set-up, but that worked out to be more complicated than foreseen. If you compare the “rusty GDS payment rails” with the rise of Fintech and the many payment related developments that happened in the direct/online channel, then you see the current mismatch between the 2 methodologies. No disrespect though, according to IATA the BSP’s processed a whopping $237B in 2017, with ARC adding another $90B!
Most airlines started accepting online card payments in the early 2000’s and have added local / alternative payments and advanced fraud management solutions during the last 10 years. Payments for the “online” (or digital) channel are typically managed by a different part of the organization, compared to “offline” (BSP/ARC). For instance user experience, conversion and gateway / fraud partners don’t play a role for “offline”. With the shift in the distribution mix caused by NDC, transactions moving from “offline” to “online” will now also have to switch “owner”. What will be new for “online” will e.g. be the use of virtual cards by agencies (and regulations like TIP) and the need for agency reporting.
Adopting the direct/online approach for (online) agencies however means adding a.o. (local) forms of payments like ewallets, online banking (both come with redirects) and fraud management (3D Secure 2.x, SCA, fraud screening), all functionalities not covered by NDC version 17.2 (3DS2 is scheduled for 19.2). What I see happening in practice is that most airlines chose to “flag” NDC transactions as “BSP card” or “BSP cash”, using the 40 year old rails in order not to disrupt ownership, legacy internal/external processes and reporting. Here we are; a brand new front-end working with a legacy back-end!
NDC payments 101
Impact on payment process, compared to “offline”:
- Authorization is done via the airline’s gateway / acquirer vs. directly on the scheme by the GDS
- After ticketing, capture of the transactions can be done in real-time vs. in batch after a couple days (after processing by the local BSP’s / ARC), improving cash flow
- In case of card transactions (consumer, corporate, virtual) the airline is the Merchant of Record for both “offline” and NDC
- Fraud management can be done by airline and/or the agent
- Liability for fraud related chargebacks switches to the airline (if no bilateral agreement in place)
- Transactions are flagged as eCom vs. MOTO, as a result qualifying for SCA
Impact on payment process, compared to direct/online:
- No 3D secure 2.x supported (yet)
- No Redirect payments supported (yet)
- No asynchronous (offline) payments (like regular bank transfers, cash or vouchers) supported
- In case the agent’s payment page is used, there will be no / less control over the UX
- The airline becomes responsible for PCI-DSS and will have to ensure that sensitive data is properly tokenized
During the upcoming World Aviation Festival in London, I’ll chair the payment track which will take place on September 4. NDC will be one of the topics on the list for the “Future of Payment Methods” panel.
Information on the payment component of NDC is unfortunately hard to find, as IATA limits the decision making process and the distribution of updates to airlines and Strategic Partners. This makes it difficult to create awareness in the wider travel payment community and slows down the roll out of NDC. As a result the above might not be 100% correct and will definitely not be complete. Any input / feedback is welcome as sharing is caring!