SCA Exemptions

There are certain scenarios where you, as a merchant, may deem the risk of fraud for a given transaction to be sufficiently low that you would prefer to bypass EMV 3-D Secure authentication. In these situations, where you want to ensure the customer can complete their payment without the possibility of being interrupted to perform authentication, certain acquiring banks support the ability to flag transactions as exempt.

  Only supported by certain acquiring banks

Please contact your acquiring bank and check you are permitted to apply exemptions before updating your requests to do so, and contact our Support Team to check which of these exemptions are supported.

This functionality is subject to the following conditions:

  • Any transaction that your system flags as exempt from authentication is reviewed by the relevant card issuer prior to authorisation to check their pre-determined criteria for exemption have been met. They reserve the right to reject your request, in which case the transaction will still be subject to 3-D Secure authentication. There are different types of exemptions that can be applied. It is your responsibility to assign the correct exemption and ensure the transaction meets the necessary criteria for said exemption.

  • If a transaction is successfully exempted from 3-D Secure authentication, it will forgo the liability shift, meaning that if fraud occurs on the exempted transactions, you will be financially liable for the subsequent chargeback. The exact terms will depend on the relevant card issuer.

  • There are also certain situations where the card issuer may apply an exemption automatically (even if you do not request one) if certain conditions are met, in order to streamline the purchasing experience for the customer. If this occurs, the liability shift will not be affected.

  Card issuers may enforce additional requirements for certain exemptions to be applied. They reserve the right to reject the request for an exemption. If this occurs, a soft decline may be returned, requiring further action to complete the transaction. Click here to learn more about soft declines.

 

There are two ways in which exemptions can be applied. You must choose from the two solutions provided below:

 


 

1. Applying Transaction Risk Analysis (TRA) exemptions at authentication stage

  Before applying a Transaction Risk Analysis (TRA) exemption, you must ensure you have permission to do so from your acquiring bank and that Trust Payments supports this with your acquirer.

  About Transaction Risk Analysis (TRA)

You can request a Transaction Risk Analysis (TRA) exemption for transactions deemed to be low risk. TRA is a frequently-applied exemption that is designed to allow merchants who are processing low-risk transactions to process transactions without the need for additional verification methods. By submitting a transaction with a TRA exemption, it is expected that you have performed your own risk analysis and are satisfied that the transaction is low risk, because you are forgoing liability shift and will assume financial responsibility for any chargebacks raised.

Applying exemptions at the authentication stage allows the EMV 3DS process to provide more information to the issuing bank, so they can make a more informed decision when choosing to allow/deny an applied exemption. This exemption will then be received by both the 3DS provider and your acquiring bank. When using exemptions, it is still possible for a soft decline to be returned. Click here for further information on how to handle soft declines.

TRU Connect - Payment Pages

You must ensure EMV 3DS is enabled on your site reference (contact our Support Team if you are unsure). Then you must include the scaexemptionindicator field in the POST to Trust Payments.

  Field Format Description
table-conditional.png scaexemptionindicator Numeric (1)

Required if flagging a transaction as exempt from EMV 3DS.

Submit 2 to indicate Transaction Risk Analysis (TRA).

TRU Connect - JavaScript Library

You must include the scaexemptionindicator field in the JWT payload, with requesttypedescriptions ["THREEDQUERY","AUTH"].

  Field Format Description
table-conditional.png scaexemptionindicator Numeric (1)

Required if flagging a transaction as exempt from EMV 3DS.

Submit 2 to indicate Transaction Risk Analysis (TRA).

TRU Connect - Webservices API

If using third party for 3-D Secure authentication

If you are using a third party provider / MPI to perform the authentication, you must include the scaexemptionindicator field in the AUTH request.

  Field Format Description
table-conditional.png

scaexemptionindicator
XPath: /operation/scaexemptionindicator

Numeric (1)

Required if flagging a transaction as exempt from EMV 3DS.

Submit 2 to indicate Transaction Risk Analysis (TRA).

 

If using JavaScript Library for 3-D Secure authentication

If you are using our JavaScript Library to perform the authentication (as described here), you must include the scaexemptionindicator field in the JWT payload, with requesttypedescriptions ["THREEDQUERY","AUTH"].

  Field Format Description
table-conditional.png scaexemptionindicator Numeric (1)

Required if flagging a transaction as exempt from EMV 3DS.

Submit 2 to indicate Transaction Risk Analysis (TRA).

TRU Mobile

You must include the scaexemptionindicator field in the JWT payload, with requesttypedescriptions ["THREEDQUERY","AUTH"].

  Field Format Description
table-conditional.png scaexemptionindicator Numeric (1)

Required if flagging a transaction as exempt from EMV 3DS.

Submit 2 to indicate Transaction Risk Analysis (TRA).

 


 

2. Applying exemptions at authorisation stage

  Before applying an exemption, you must ensure you have permission to do so from your acquiring bank.

This requests a bypass of EMV 3DS authentication (and associated authentication fees), and applies the exemption when attempting to seek authorisation for the transaction from the issuing bank. This exemption will then be received by the acquiring bank. When using exemptions, it is still possible for a soft decline to be returned. Click here for further information on how to handle soft declines.

TRU Connect - Payment Pages
  Field Format Description
table-conditional.png scaexemptionindicator Numeric (1)

Required if flagging a transaction as exempt from EMV 3DS.

Submit one of the following values:
1 – Low value
2 – Transaction Risk Analysis
3 – Trusted Merchant
4 – Secure Corporate payment
5 – Delegated authentication  

Example

<html>
<body>
<form method="POST" action="<DOMAIN>/process/payments/choice">
<input type="hidden" name="sitereference" value="test_site12345">
<input type="hidden" name="stprofile" value="default">
<input type="hidden" name="currencyiso3a" value="GBP">
<input type="hidden" name="mainamount" value="1.00">
<input type="hidden" name="version" value="2">
<input type="hidden" name="requesttypedescriptions" value="AUTH">
<input type="hidden" name="scaexemptionindicator" value="1">
<input type="submit" value="Pay">
</form>
</body>
</html>

Replace <DOMAIN> with a supported domain. Click here for a full list.

TRU Connect - JavaScript Library

You must include the scaexemptionindicator field in the JWT payload, with requesttypedescriptions ["AUTH"].

  Field Format Description
table-conditional.png scaexemptionindicator Numeric (1)

Required if flagging a transaction as exempt from EMV 3DS.

Submit one of the following values:
1 – Low value
2 – Transaction Risk Analysis
3 – Trusted Merchant
4 – Secure Corporate payment
5 – Delegated authentication  

TRU Connect - Webservices API

You must include the scaexemptionindicator field in the AUTH request.

  Field Format Description
table-conditional.png

scaexemptionindicator
XPath: /operation/scaexemptionindicator

Numeric (1)

Required if flagging a transaction as exempt from EMV 3DS.

Submit one of the following values:
1 – Low value
2 – Transaction Risk Analysis
3 – Trusted Merchant
4 – Secure Corporate payment
5 – Delegated authentication  

TRU Mobile

You must include the scaexemptionindicator field in the JWT payload, with requesttypedescriptions ["AUTH"].

  Field Format Description
table-conditional.png scaexemptionindicator Numeric (1)

Required if flagging a transaction as exempt from EMV 3DS.

Submit one of the following values:
1 – Low value
2 – Transaction Risk Analysis
3 – Trusted Merchant
4 – Secure Corporate payment
5 – Delegated authentication  

 


 

Checking if an exemption has been applied

TRU Connect - View in MyST

View transaction details in MyST – Click the “3-D Secure” header and if an exemption has been applied, the field SCA Exemption Indicator is displayed with a numerical value.

TRU Connect Payment Pages - URL notifications

Check the URL notification – You can configure URL notifications posted to your servers to include the additional field scaexemptionindicator. This is returned in the notification with a numerical value when an exemption has been applied.

TRU Connect JS Library - Check response JWT

Check the response JWT – If an exemption has been applied, the additional field scaexemptionindicator is returned in the response JWT with a numerical value.

TRU Connect Webservices API - Check response returned

Check the response returned – If an exemption has been applied, the additional field operation/scaexemptionindicator is returned with a numerical value.

TRU Mobile - Check response JWT

Check the response JWT – If an exemption has been applied, the additional field scaexemptionindicator is returned in the response JWT with a numerical value.

Was this article helpful?
1 out of 1 found this helpful
Have more questions? Submit a request