Your EPS account
Sign in to view secure API documentation, update your account details, log support requests and much more.
Your email or password is incorrect. Please try again or reset your password.
If the issue persists please contact your EPS representative.
Reset your password
Please enter your email address below. We will send password reset instructions to the email associated with your EPS account.
Thank you
An email has been sent to your account email address with further instructions on how to reset your password.
The new Payment Services Directive 2 is an EU regulation which will require changes to the checkout and booking process for all transactions involving a credit card issues by an EU state. security on all payments involving a credit card issued by an EU state.
The aim of this regulation is to help reduce online fraud and protect consumers. It will come into effect in September 2019 and all EPS partners can be affected by it if they handle the affected payment types. If affected payments are not compliant by this date then they fail, as EU banks will reject these transactions. The banks will independently be enforcing this regulation and they will reject payments regardless of whether the partner is based in the EU or not.
This page explains how supported EPS payment types will be impacted and what actions partners can take to be compliant when serving their customers. If you would like to learn about the directive in more details, please review the legislation on the official European Commission site.
Compliance Requirements
The steps to enable compliant transactions in the EU will vary depending on whether the transaction involves EAC, partner’s credit card, or the customer’s credit card (EPS MoR).
Expedia Affiliate Collect
Bookings that use EAC are unaffected by the PSD2 regulations – no payment process or API integration changes with EPS are needed to reach compliance. However, you may be impacted by the regulations if you are the merchant of record and charge customer’s credit card, debit card, or other form of payment within the scope of the EU regulations. The regulations likely require you to support a PSD2-compliant version of Two-Factor Authentication in the payment process. Please reach out to your payment processor to learn more about their capabilities to help merchants reach PSD2-compliance and avoid failed transactions in September 2019.
Partner Cards
If your company is the merchant or record and pays EPS with an EU-issued credit or debit card owned by your company, you may be impacted by the regulations. The set of PSD2-compliant cards is:
- Single-use virtual cards
- Multi-use virtual cards issued outside the EU
- Corporate cards issued to your company (not issued to a person)
You may also be impacted by the regulations if you charge your customers’ credit card, debit card, or other form of payment within the scope of the EU regulations. The regulations likely require you to support a PSD2-compliant version of Two-Factor Authentication in the payment process. Please reach out to your payment processor to learn more about their capabilities to help merchants reach PSD2-compliance and avoid failed transactions in September 2019.
If the above PSD2-compliant partner cards are not preferable, your organization can request an exemption directly from the bank that has issued your partner card. If an exemption is granted, transactions on that card will not require authentication except for a possible one-time online verification using two-factor authentication (2FA). This one-time requirement can vary per bank. Please note that, obtaining an exemption can be lengthy process and it will also mean that your bank may hold you liable for fraudulent payments.
Customer Cards
If your company uses EPS as the merchant or record by sending customer cards to EPS, you may be impacted by the regulations. When customers book online, without a retail agent, the regulations require that EPS let customers verify whether they initiated the payment. The PSD2-compliant process for this requirement is Two-Factor Authentication (2FA) during the payment process. Partners that want to use EPS as the merchant of record with any EU-issued credit or debit card, will need to adopt our Rapid solution for 2FA available in Rapid v2.2.
Rapid and Two-Factor Authentication
How does it work?
Partners that use EPS MOR with customer cards can adopt EPS’s API solution to generate bookings that are compliant with the regulations. The APIs support PSD2 compliance by supporting 2FA in the booking flow.
EPS’s solution for 2FA is comprised of two distinct components: A client-side JavaScript library and updated Rapid v2.2 (or higher) APIs. Both of these are used together to enable 2FA.
Client-side Javascript Library (new)
This library is incorporated on the checkout page and is invoked at the time of booking to support the 2FA process. The library’s APIs support the following capabilities:
Collect customer’s device-information (e.g. device model) so it can be sent to the customer’s issuing-bank for review. The bank uses the device information to assess the risk of a transaction and decide if 2FA is required for the transaction. This is performed before a booking attempt.
- Display the 2FA experience to the customer after a booking attempt. The 2FA experience is presented by the library but is sourced from the customer’s issuing bank. The 2FA process must be completed by a customer before a payment can be completed and booking is confirmed.
Rapid API
Rapid APIs have been extended and added to support 2FA and work in conjunction with the client-side JavaScript library. The APIs now support the following capabilities:
- Registration of payment information so EPS can determine the device-information that needs to be sent the customer’s issuing-bank for review. This is performed before a booking attempt.
- Complete the booking after 2FA is successful.
The below diagram illustrates the sequence of operations and flow of data between the Javascript library and Rapid API.

Note: Extended documentation of the end-to-end integration process will be available in January. This documentation will describe usage of the Javascript Library and Rapid v2.2 changes.
Features
- Supports 3DS 2.x
- Supports risk-based authentication, which reduces friction with customers by granting the bank discretion about when to challenge customers with 2FA and when to not.
Preview EPS Rapid 2.2 Documentation.
You can now review documentation for the upcoming version of our EPS Rapid API. Review the schema, start coding and test against our end-points in preparation for go-live in January 2019.
Go to our EPS Rapid 2.2 page to learn more. Version 2.1 is still available here.
You can now integrate with the latest version of our EPS Rapid API. Review the schema, test against our end-points and start sending live requests using the newest features.
Go to our EPS Rapid 2.2 page to learn more.
EPS Home | EPS Portal Login | Expedia Partner Central | Advertise with Expedia
News | Privacy Policy | Cookie Policy | Contact Us
© 2018 Expedia, Inc. All Rights Reserved.