The Third Bureaucracy Relief Act raises some questions about how the digital reporting form can be handled.
We have briefly summarized all the relevant legal requirements and show you how to replace the registration form with a digital solution.
As we already reported, the Bureaucracy Relief Act III stipulates that the authentication of the guest for the electronic registration form cannot be replaced by a simple digital signature. Two options are mentioned for a legally compliant solution: Strong Customer Authentication (SCA) in conjunction with the requirements of the Payment Services Supervision Act or the electronic function of the ID card.
The addition of the Federal Registration Act (Section 29(5)) confirms this statement:
The Federal Registration Act states that “[…] the obligation to register may also be fulfilled, with the consent of the accommodated person, by the […] Data are collected electronically and the accommodated person confirms their correctness and completeness on the day of arrival, in that the accommodated person has a card-based payment process with strong customer authentication within the meaning of the […] Payment Services Supervision Act, where the earmarked allocation number of the payment instrument used is collected […]” (§Section 29 paragraph 5 BMG).
This results in the following requirements for the Digital Registration Form:
- Data for the registration form can be collected electronically.
- The accommodated person should confirm the accuracy and completeness of the data on the day of arrival.
- Confirmation can be done with a credit card in conjunction with strong customer authentication (SCA). Here, a card-linked payment transaction must be triggered in accordance with PSD2.
The straiv by CODE2ORDER digital solution for the electronic registration certificate for hotels offers the following possibilities:
1. Data for the registration form can be queried electronically by the guest
By e-mail, the guest will be asked to provide all the data for the registration form. A link in the email takes him to the solution to execute this.
2. There is a possibility that the data of the registration form will be requested on the day of arrival at the hotel.
The email can be sent automatically on the day of arrival. The hotel still remains flexible in the design.
3. Confirmation is made via the guest's credit card in conjunction with strong customer authentication (SCA)
A card-based payment transaction (with a value of 0.00 EUR according to PSD2) is carried out – as required by law.
Card-linked payment process with strong customer authentication
Within the scope of the digital registration form, the guest is requested to provide all data relevant for the registration form. To confirm this data, the SCA procedure is used in connection with the guest’s credit card.
SCA is used by default in online commerce. You are probably familiar with this process: You enter your credit card data and confirm via a TAN procedure or password that the credit card is actually in your own possession. In the context of the digital registration form, it then looks like this:
The guest enters their credit card information and is prompted to enter the associated credit card password for confirmation. Alternatively, the confirmation is made via a TAN procedure, this depends on the credit institution. A transaction with a value of €0.00 is performed. In this way, the identity of the guest is clearly established.
The same logic can be applied to a check-in kiosk or tablet at the hotel reception desk. Here, the guest enters the data for the registration form on the tablet and is then asked to clearly identify himself. The guest enters his credit card data and confirms again with the password or via a TAN procedure. The guest is uniquely identified by the two factors possession (credit card) and knowledge (password or TAN).
