Exemptions

There are certain scenarios where you, as a merchant, may deem the risk of fraud for a given transaction to be sufficiently low that you would prefer to bypass EMV 3-D Secure authentication. In these situations, where you want to ensure the customer can complete their payment without the possibility of being interrupted to perform authentication, certain acquiring banks support the ability to flag transactions as exempt.

  Only supported by certain acquiring banks

Please contact your acquiring bank and check you are permitted to apply exemptions before updating your requests to do so, and contact our Support Team to check which of these exemptions are supported.

This functionality is subject to the following conditions:

  • Any transaction that your system flags as exempt from authentication is reviewed by the relevant card issuer prior to authorisation to check their pre-determined criteria for exemption have been met. They reserve the right to reject your request, in which case the transaction will still be subject to 3-D Secure authentication. There are different types of exemptions that can be applied. It is your responsibility to assign the correct exemption and ensure the transaction meets the necessary criteria for said exemption.

  • If a transaction is successfully exempted from 3-D Secure authentication, it will typically forgo the liability shift, meaning that if fraud occurs on the exempted transactions, you will be financially liable for the subsequent chargeback. The exact terms will depend on the relevant card issuer.

  • There are also certain situations where the card issuer may apply an exemption automatically (even if you do not request one) if certain conditions are met, in order to streamline the purchasing experience for the customer. If this occurs, the liability shift will not be affected.

 

Applying exemptions

TRU Connect - Payment Pages

You must include the scaexemptionindicator field in the POST to Trust Payments.

  Field Format Description
table-conditional.png scaexemptionindicator Numeric (1) Submit one of the following values:
1 – Low value
2 – Transaction Risk Analysis
3 – Trusted Merchant
4 – Secure Corporate payment
5 – Delegated authentication  
TRU Connect - JavaScript Library

You must include the scaexemptionindicator field in the JWT payload.

  Field Format Description
table-conditional.png scaexemptionindicator Numeric (1) Submit one of the following values:
1 – Low value
2 – Transaction Risk Analysis
3 – Trusted Merchant
4 – Secure Corporate payment
5 – Delegated authentication  
TRU Mobile

You must include the scaexemptionindicator field in the JWT payload.

  Field Format Description
table-conditional.png scaexemptionindicator Numeric (1) Submit one of the following values:
1 – Low value
2 – Transaction Risk Analysis
3 – Trusted Merchant
4 – Secure Corporate payment
5 – Delegated authentication  

  Card issuers may enforce additional requirements for certain exemptions to be applied. They reserve the right to reject the request for an exemption. If this occurs, standard 3-D Secure authentication will be applied.

 

Checking if an exemption has been applied

TRU Connect - View in MyST

View transaction details in MyST – Click the “3-D Secure” header and if an exemption has been applied, the field SCA Exemption Indicator is displayed with a numerical value.

TRU Connect Payment Pages - URL notifications

Check the URL notification – You can configure URL notifications posted to your servers to include the additional field scaexemptionindicator. This is returned in the notification with a numerical value when an exemption has been applied.

TRU Connect JS Library - Check response JWT

Check the response JWT – If an exemption has been applied, the additional field scaexemptionindicator is returned in the response JWT with a numerical value.

TRU Mobile - Check response JWT

Check the response JWT – If an exemption has been applied, the additional field scaexemptionindicator is returned in the response JWT with a numerical value.

Was this article helpful?
1 out of 1 found this helpful
Have more questions? Submit a request