Another look at SCA Exemptions

Posted On: Tuesday, October 20th, 2020

3DSecure 2 introduces four types of transactions for which an SCA Exemption can occur when conditions are met. These are Transaction Risk Analysis (TRA), Low Value Payments, Trusted Beneficiaries and Secure Corporate Payments.

How to use Exemptions

The Low Value Transactions Exemptions is under the control of the Issuer and no action is needed by the merchant.

These exemptions are already available from Version 2.1 and are supported by Message Extensions. Version 2.2 introduces additional support for Trusted Beneficiaries.

Endeavour 3DSecure fully integrates SCA exceptions on its platform and has added extra features to manage and use this functionality effectively.

Transaction Risk Analysis (TRA)

Each transaction is analysed and assigned a risk score. The idea behind the TRA score is simple, if a transaction has a low risk because of the low value and the low fraud rate of the merchant; this forms the basis for exempting the transaction from SCA.

Low Value Payments

These are transactions which have a maximum value of €30. However, there is a cumulative limit of €150 or 5x transactions which are calculated per card and not merchant.

This exemption is controlled solely by the Issuer and is designed to increase friction-less authentication within PSD2 compliance.

Trusted Beneficiaries

This is the same as Merchant White Listing. The cardholder needs to complete at least one SCA challenge and will be given the option to whitelist the merchant; this way a cardholder can build a custom list of trusted merchants which they use often.

The merchant has the option to request merchant whitelisting. However, which Merchants will be offered for whitelisting is solely at the discretion of the Issuer. The merchant is notified that he is whitelisted by the cardholder and can request this exemption in future authentications.

Endeavour supports Merchant White Listing under both versions 2.1 and 2.2.

Secure Corporate Payments

Secure corporate payments are transactions initiated within secure corporate environments such as corporate purchasing or travel management systems on eligible cards; the exemption is automatically applied by the issuer, without merchant request.

Both MasterCard and Visa however provide a mechanism to request Secure Corporate Exemptions via a 3DSecure message which will provide an acknowledgment if the Payment was accepted by the Issuer for the given card and merchant.

Full support for major card brands and banks

Making eCommerce Safe

Be in the know

Industry news, events and major releases.

IFrames – to use or not to use
Posted on: Friday 16th April, 2021

The discussion on the use of iframes is back! Using an iframe to display the challenge windows has always been a popular option.

MasterCard key Performance Indicators for PSD2:SCA Migration
Posted on: Tuesday 6th April, 2021

MasterCard has been running a monitoring program for many months to monitor sources of errors with version 2. MasterCard has established a number of KPIs around the error rates for different issues.

3DSecure Changes for both versions 1.0.2 and 2.0
Posted on: Wednesday 24th March, 2021

Changes coming to 3DSecure in April with more following in the coming months for both Visa and MasterCard.

Here to help

Questions? We've got answers.

Kindly note that we do not support cardholders wanting to activate 3D Secure on their card. Please contact your bank directly using the phone number provided on the back of your card.