There are certain scenarios where you, as a merchant, may deem the risk of fraud for a given transaction to be sufficiently low that you would prefer to bypass EMV 3-D Secure authentication. In these situations, where you want to ensure the customer can complete their payment without the possibility of being interrupted to perform authentication, certain acquiring banks support the ability to flag transactions as exempt.
SCA Exemptions are only available where EMV 3-D Secure is supported and MUST be used in conjunction with EMV 3-D Secure. Please contact our Support Team for further information.
Merchants MUST obtain permission from their acquiring bank before attempting to use SCA Exemptions. Trust Payments acquiring merchants can contact us here to request permission.
SCA Exemptions MUST NOT be used when storing credentials. When credentialsonfile=1, the EMV 3-D Secure challenge flow must be used. Click here for further information.
This functionality is subject to the following conditions:
-
Any transaction that your system flags as exempt from authentication is reviewed by the relevant card issuer prior to authorisation to check their pre-determined criteria for exemption have been met. They reserve the right to reject your request, in which case the transaction will still be subject to 3-D Secure authentication. There are different types of exemptions that can be applied. It is your responsibility to assign the correct exemption and ensure the transaction meets the necessary criteria for said exemption.
-
If a transaction is successfully exempted from 3-D Secure authentication, it will forgo the liability shift, meaning that if fraud occurs on the exempted transactions, you will be financially liable for the subsequent chargeback. The exact terms will depend on the relevant card issuer.
-
There are also certain situations where the card issuer may apply an exemption automatically (even if you do not request one) if certain conditions are met, in order to streamline the purchasing experience for the customer. If this occurs, the liability shift will not be affected.
Card issuers may enforce additional requirements for certain exemptions to be applied. They reserve the right to reject the request for an exemption. If this occurs, a soft decline may be returned in the Authorisation response, requiring further action to complete the transaction. Click here to learn more about soft declines.
There are two ways in which exemptions can be applied. You must choose from the two solutions provided below:
1. Applying Transaction Risk Analysis (TRA) exemptions at authentication stage
Before applying a Transaction Risk Analysis (TRA) exemption, you must ensure you have permission to do so from your acquiring bank and that Trust Payments supports this with your acquirer.
About Transaction Risk Analysis (TRA)
You can request a Transaction Risk Analysis (TRA) exemption for transactions deemed to be low risk. TRA is a frequently-applied exemption that is designed to allow merchants who are processing low-risk transactions to process transactions without the need for additional verification methods. By submitting a transaction with a TRA exemption, it is expected that you have performed your own risk analysis and are satisfied that the transaction is low risk, because you are forgoing liability shift and will assume financial responsibility for any chargebacks raised.
Applying exemptions at the authentication stage allows the EMV 3DS process to provide more information to the issuing bank, so they can make a more informed decision when choosing to allow/deny an applied exemption. This exemption will then be received by both the 3DS provider and your acquiring bank. When using exemptions, it is still possible for a soft decline to be returned in the Authorisation response. Click here for further information on how to handle soft declines.
You must ensure EMV 3DS is enabled on your site reference (contact our Support Team if you are unsure). Then you must include the scaexemptionindicator field in the POST to Trust Payments.
Field | Format | Description | |
scaexemptionindicator | Numeric (1) |
Required if flagging a transaction as exempt from EMV 3DS. Submit 2 to indicate Transaction Risk Analysis (TRA). |
You must include the scaexemptionindicator field in the JWT payload, with requesttypedescriptions ["THREEDQUERY","AUTH"].
Field | Format | Description | |
scaexemptionindicator | Numeric (1) |
Required if flagging a transaction as exempt from EMV 3DS. Submit 2 to indicate Transaction Risk Analysis (TRA). |
For merchants using our Webservices API for the authorisation, exemptions at the authentication stage are only supported where merchants use our JavaScript Library for 3-D Secure authentication.
If you are using our JavaScript Library to perform the authentication (as described here), you must include the scaexemptionindicator field in the JWT payload, with requesttypedescriptions ["THREEDQUERY"].
Field | Format | Description | |
scaexemptionindicator | Numeric (1) |
Required if flagging a transaction as exempt from EMV 3DS. Submit 2 to indicate Transaction Risk Analysis (TRA). |
You must include the scaexemptionindicator field in the JWT payload, with requesttypedescriptions ["THREEDQUERY","AUTH"].
Field | Format | Description | |
scaexemptionindicator | Numeric (1) |
Required if flagging a transaction as exempt from EMV 3DS. Submit 2 to indicate Transaction Risk Analysis (TRA). |
2. Applying Low Value Exemptions (LVE) at authorisation stage
Before applying an exemption, you must ensure you have permission to do so from your acquiring bank.
This requests a bypass of EMV 3DS authentication (and associated authentication fees), and applies the exemption when attempting to seek authorisation for the transaction from the issuing bank. This exemption will then be received by the acquiring bank. When using exemptions, it is still possible for a soft decline to be returned.
Click here for further information on how to handle soft declines.
Low Value Exemptions (LVE) may be subject to soft declines if, since SCA was last performed, the customer has made 5 purchases or collectively transacted more than €100 (EUR). All merchants must retry with SCA if they receive a soft decline response.
Click here for further information on how to handle soft declines.
Other types of exemptions can be applied at the authorisation stage, such as designations for Trusted Merchants, Secure Corporate payments and Delegated authentication. To learn more about these solutions, please contact your account manager.
- You must contact our Support Team and request Enhanced Post is enabled on your site reference.
Click here to learn more about Enhanced Post. - You must update your POST to Trust Payments to include the field requesttypedescriptions=AUTH, and also scaexemptionindicator=1 with one of the following supported values:
Field | Format | Description | |
scaexemptionindicator | Numeric (1) |
Required if flagging a transaction as exempt from EMV 3DS. Submit "1" to indicate a Low Value Exemption (LVE). |
Example
<html>
<body>
<form method="POST" action="<DOMAIN>/process/payments/choice">
<input type="hidden" name="sitereference" value="test_site12345">
<input type="hidden" name="stprofile" value="default">
<input type="hidden" name="currencyiso3a" value="GBP">
<input type="hidden" name="mainamount" value="1.00">
<input type="hidden" name="version" value="2">
<input type="hidden" name="requesttypedescriptions" value="AUTH">
<input type="hidden" name="scaexemptionindicator" value="1">
<input type="submit" value="Pay">
</form>
</body>
</html>
Replace <DOMAIN>
with a supported domain. Click here for a full list.
You must include scaexemptionindicator=1 in the JWT payload, with requesttypedescriptions ["AUTH"].
Field | Format | Description | |
scaexemptionindicator | Numeric (1) |
Required if flagging a transaction as exempt from EMV 3DS. Submit "1" to indicate a Low Value Exemption (LVE). |
You must include scaexemptionindicator=1 in the AUTH request.
Field | Format | Description | |
scaexemptionindicator |
Numeric (1) |
Required if flagging a transaction as exempt from EMV 3DS. Submit "1" to indicate a Low Value Exemption (LVE). |
You must include the scaexemptionindicator=1 in the JWT payload, with requesttypedescriptions ["AUTH"].
Field | Format | Description | |
scaexemptionindicator | Numeric (1) |
Required if flagging a transaction as exempt from EMV 3DS. Submit "1" to indicate a Low Value Exemption (LVE). |