Exemptions are a hot topic when it comes to PSD2 SCA. They can be useful because issuers and merchants can use exemptions to mitigate friction and not present SCA to the cardholder when applicable. There can be a lot of benefits, but there is also a lot of complexity surrounding them. You need to know the facts, and that is where we can help.
PSD2, as most of you know, is the European Banking Authority’s (EBA) 2nd Payment Service Directive, designed to drive payment innovation and data security. PSD2 has a requirement for Strong Customer Authentication (SCA). SCA is required on each digital transaction which means a cardholder must be challenged (a step-up occur) with their issuer. Exemptions, when specific criteria are met, can reduce the need for SCA if used correctly and the risk of fraud is minimal.
The first step is to know if you are eligible. If your acquirer supports exemptions, and if the card issuers, whose consumers buy on your digital sites, are participating, you may qualify for some exemptions.
Let’s highlight a couple:
For example, if the first low-value transaction is subject to SCA, and the next four transactions are also low value (meaning each is less than €30 and all five don’t total €100 combined), then bingo - those transactions are exempt from SCA.
One thing to note - the acquirer/merchant is liable for any fraud from the exempted transactions since they are requesting the exemption. So that’s something to keep in mind. In addition, this exemption is only available with EMV® 3-D Secure: Visa Secure: v2.2 and Mastercard Identity Check: v2.1 extension.
Whitelisting (WL) / Trusted Beneficiaries (TB):
Just like low-value exemptions, whitelisting is only available when using EMV 3DS: Visa Secure v2.2 and Mastercard Identity Check v2.1 extension. This is a nice way for a consumer to express trust for their favorite merchants and not worry about a challenge when they make their next purchase. It reduces friction and adds to the seamless experience merchants are looking for – and hopefully more sales down the road.
Low-value exemptions and whitelisting are just two of the exemptions available for merchants and issuers to take advantage of. Our goal is to give you every opportunity to succeed in these ever-changing times. If you want to learn more about the two exemptions we discussed, or about others available, let’s talk. Reach out any time, we are here to help.
EMV 3DS can help manage PSD2 SCA’s exemptions. See if they’ll work for you.
At Cardinal, our 2020 resolution is all about building our existing capabilities and expanding our reach in the latest protocols. See what we've got planned for 2020.
Learn how authentication affects Card-not-Present authorization rates and key statistics on fraud in the clothing and footwear industry.
Authentication is core to payment processing in Europe, so if your digital transactions are not authenticated, you will be expected to implement a solution before your business is impacted.
You'll be the first to hear about new products, features, and company updates.