PSD2 regulations (overruling legislation dating to 2007) cover online customer authentication, and full compliance is required by 14 September for companies either in the EU or those who do business with companies or customers in the EU, which is also true of GDPR.

The main takeaway for hoteliers, sources said, is that they need to have their booking and payments technology seamlessly up to scratch and working across all markets to avoid the risk of guests dropping out of booking processes and buying rooms elsewhere.