SCA Exemptions
Last updated: Sept 18th, 10:55pm
Merchants operating in the European Economic Area (EEA) are mandated to support Strong Customer Authentication (SCA) on ecommerce transactions to meet the Payment Services Directive 2/Regulatory Technical Standards (PSD2/RTS) regulations.
The new rules stipulate that Strong Customer Authentication (SCA) be performed on all transactions, with a limited set of exceptions.
How exemption to SCA works
Merchants may request an exemption prior to the authorization using 3D Secure. When an exemption is requested, the same exemption must be provided in the authorization. Issuers may use SCA exemption indicators to help decide whether or not to approve an authorization request. Issuers may still decline, indicating that additional cardholder authentication is required.
Exemption reason descriptions:
- Secure Corporate Payment (SCP): Secure corporate or Business-to-Business (B2B) payments over dedicated payment processes and protocols are exempted from SCA.
- Transaction Risk Analysis (TRA): Transactions are eligible for SCA exemption if transaction fraud rates are below established thresholds defined by PSD2/RTS.
- Low Value Payment (LVP): Transactions are eligible for SCA exemption when the transaction amount is below the limit established by PSD2/RTS.
- Merchant Initiated Transaction (MIT): Transactions processed within the Merchant-Initiated Transaction (MIT) framework are exempt from SCA. The initial transaction must meet strong customer authentication requirements.
- Recurring Payment (RP): Transactions are eligible for SCA exemption. The initial transaction must meet strong customer authentication requirements.
- SCA Delegation (SD): Transactions are eligible for SCA exemptions when an Issuer has delegated authentication responsibility to a third-party wallet provider or to a merchant.
- Trusted Merchant (TM): Transactions are eligible for SCA exemption when a customer has added the merchant to a trusted list, where SCA is generally only required on the initial transaction.
Supported processors
Payflow currently supports SCA Exemptions for the following processors:
- American Express
- Braintree
- Chase Paymentech Salem
- FISERV North
- PayPal
How to send SCA exemption data
After you've integrated with a 3D Secure MPI, you can use SCA exemptions to exempt future transactions from additional 3D Secure calls by passing the required parameters outlined in this documentation. For example, a customer orders a product online, which you validate with 3D Secure, and then sets up a monthly renewal that you bill using a merchant initiated (MIT) or recurring (RP) exemption.
Payflow fields
Field | Description | Data type/max length | Processor support |
---|---|---|---|
SCAEXEMPTION | Value to flag exemption status. Only one of the following values can be sent: SCP, TRA, LVP, MIT, RP, SD, TM. See descriptions above. | alphanumeric, 3 | All |
CITDATE | MasterCard only. Merchant initiated (MIT) and recurring (RP) transactions must contain the original settlement date, which is received from the initial Cardholder Initiated (CITI) transaction response. Format: MMDD | alphanumeric, 4 | FISERV North |
VMAID | Visa only. Visa Merchant Authentication ID assigned by Visa EU. If the SCAEXEMPTION value is either TM or SD, then VMAID is required. | alphanumeric, 8 | FISERV North |
Sample request
VENDOR=MerchantUserID&PARTNER=PayPal&USER=UserIDIfAvailOrSameAsVendor&PWD=Pwd4Payflow&TRXTYPE=S&TENDER=C&ACCT=4500XXXXXXXX0061&EXPDATE=1225&AMT=111.27&CAVV[28]=AAABBhBxKAAAAAAAAAAAAAAAAAA=&BILLTOSTREET=12115 LACKLAND&BILLTOZIP=63146&ECI=5&SCAEXEMPTION=SD&VMAID=12345678&THREEDSVERSION=2.0&VERBOSITY=HIGH
Additional information
- Visa, general information.
- MasterCard, general information.
- UK Financial, for basic information and rollout.