On this page:
Overview
During 3D Secure authentication, a Strong Customer Authentication (SCA) or a frictionless authentication challenge can take place. When you are eligible to bypass 3D-Secure authentication, you can use SCA exemptions.
We recommend that you leave the exemption handling to the card issuer and to always submit a 3D Secure authentication request as, with an exemption:
- Liability for chargebacks is automatically shifted to you (the merchant)
- There is an increased chance that transactions will be refused when the card issuer disagrees with the exemption.
Eligibility
When you want to be exempt 3D Secure authentication, you should consult with your acquirer. They will best advise which, if any exemption suits your business needs.
Exemptions
The following exemptions may be available:
- Low value Transactions (LVT)
- Transaction Risk Analysis (TRA)
- Trusted Beneficiary
- Secure Corporate Payment
- Delegated Authentication
Two other exemptions can only be requested for subsequent transactions:
- Merchant Initiated Transactions (MITs)
- Recurring payments (refer to the Credential on File section).
Low Value Transaction (LVT)
When the cardholder uses their LVT exemptions on other merchants’ sites, you are unable to accurately apply this exemption. Only the card issuer will know if the LVT exemption counters have been reached. Rules include:
- The transaction value must be 30 EUR or less (foreign exchange rate equivalent for other currencies).
- Permitted for a maximum of five consecutive LVTs or a maximum cumulative LVT amount of 100 EUR.
- On the sixth LVT or when the cumulative LVT amount is over 100 EUR, then 3D-Secure authentication must be performed.
Transaction Risk Analysis (TRA)
When you and your acquirer have a low number of chargebacks over a given number of transactions, you may be eligible to bypass 3D-Secure authentication using the TRA exemption.
TRA exemption for specified amounts are permitted when you or your acquirer’s fraud rate falls within thresholds. The level of TRA exemption your acquirer can provide will first depend on your acquirer’s overall fraud rate, and then yours.
There are 3 levels of TRA exemption listed in the following table. The maximum exemption amount is 500 EUR for very low fraud levels.
| Fraud Rate | Exemption |
|---|---|
|
Under or equal to 13 bps |
Up to 100 EUR |
|
Under or equal to 6 bps |
Up to 250 EUR |
|
Under or equal to 1 bps |
Up to 500 EUR |
Trusted Beneficiaries
You can use the Trusted Beneficiaries exemption if the cardholder has added you to a trusted beneficiaries list. Their card issuer can prompt the cardholder to add you to the list when they are logged into their bank account or during a challenge authentication flow.
Secure Corporate Payments
Secure corporate cards and virtual card numbers are exempt from 3D-Secure authentication. These payments are typically Business to Business payments (B2B) that have dedicated corporate processes and protocols in place.
Delegated Authentication
The Delegated Authentication exemption prevents 3D-Secure authentication taking place when you have already performed authentication.
To qualify, you must be accredited with the card schemes to perform 3D-Secure authentication: the card schemes delegate the 3D-Secure authentication to you and you can perform 3D Secure authentication independently of them.
Valid Exemption Values
The values in the following table apply to the ThreeDSExemptionIndicator
|
Values and Descriptions |
Mandatory |
Format |
Max Length |
Allowed Values |
|---|---|---|---|---|
(Numbers 06-99 are Reserved for future use) |
Conditional on when Apply3DSecure=2 |
Digits
|
2 |
|
