Authorise an Authenticated Payment to handle security deposits in Opayo

How to use Opayo to authenticate a transaction through your account for security deposits

We have modified the Opayo payment gateway connection to allow your guests to authenticate a transaction through your account, which you are then able to authorise to receive the funds at a later date.

You can read more about this here.

If you would like to use this feature, you must first get in touch with Opayo to enabled this within your Payment Gateway and Merchant account. Once enabled, we can switch this feature on for you in Anytime.

The security deposit amount is currently put in place in Anytime by us, so please let us know how much it is when we activate the feature for you. This is then a global setting across all units.

Inviting your guest to authorise their card details

Head to Configuration > Emails. Here you will find a new email template called 'Security/Damage Deposit (request)'. Use this email template to invite the guest to your designated guest login area.

Screenshot 2021-03-17 at 13.07.09 

You can choose how close to the guest's arrival date you would like them to go and authorise their payment.

You can also control the Pre-Arrival email with this feature by ensuring this email does not go to the guest until they have logged in and authenticated their card. Just check the box ''Only Send If Security/Damage Deposit Payment In Place'' with the pre-arrival setting. This can apply for both pre-arrival 1 and 2. 

Screenshot 2022-12-13 at 09.20.47

When your guest logs in, they will see the 'Authorise Security Deposit' button. This button will only appear within 30 days' of the guest arriving.

Screenshot 2021-03-17 at 16.48.51 

No money is physically collected at this point. The guest is presented with some words provided by Opayo with a link to Opayo's security policy, here. 

Screenshot 2021-03-17 at 13.51.58

Once the guest hits continue, they are taken to the SagePay (Opayo) screen to enter in their card details.

Screenshot 2021-03-17 at 16.02.05

Please note - Opayo's language at this point says 'To Pay ..' rather than 'To Authorise ..' We do warn the guest that no money will be taken but some may abort the process if they think they are paying the security deposit at this point. If they do abort the authorisation here, please see the Troubleshooting section at the bottom of this article.

Once the guest has completed this part, you will be able to see that the authentication has taken place in the Booking Summary under the Payments Tab.

Screenshot 2021-03-17 at 16.05.05

If you need to collect a Security or Damage deposit, you have up to 90 days from the authentication date to collect up to 115% of the value recorded at the time of authentication.

To do this, go to your SagePay (Opayo) control panel, find the guest and press on the authorise link. You will need to follow the instructions given by SagePay (Opayo) at this point.

Screenshot 2021-03-17 at 16.09.07

You will need to manually communicate with the guest on what you are collecting as we have no automated email templates at this stage.


If a guest attempts to authorise the security deposit on Opayo but it fails or they bail out, you will need to take action as they only get one attempt to make the authorisation and after that the 'Authorise Security Deposit' button disappears in the guest login area. 

You will see an aborted attempt on your Payments Tab - it will say NOT AUTHENTICATED  in the status column. And if you hover over this it will give the reason for the fail from Opayo, for example, 'Status: Abort, Status Detail: 2008: The transaction timed out'. 

Screenshot 2022-11-08 at 10.21.02

You will need to delete this attempt/fail/abort off your Payments Tab panel and this will then give the guest another chance to try again from their guest login area (their Authorise Security Deposit' button will reappear). 

[This is how it works at the moment. We will review this process to see if we can make it more user friendly, for example, we could find a way to ask the system to purge the failed attempt, giving the guest a 'Retry Authentication' button instead. This is now on our feature board.]