This article explains how to apply SCA Exemptions to bypass EMV 3D Secure.
This functionality is subject to the following conditions:
- Merchants must obtain permission from their acquiring bank before applying SCA Exemptions.
- SCA Exemptions MUST NOT be applied to any initial request used to store card credentials (where credentialsonfile=1). Instead, the initial transaction must undergo full cardholder authentication via the EMV 3D Secure challenge flow.
- Any transaction that your system flags as exempt from authentication is reviewed by the relevant card issuer prior to authorisation to check their pre-determined criteria for exemption have been met. They reserve the right to reject your request, in which case the transaction will still be subject to 3D Secure authentication. There are different types of exemptions that can be applied. It is your responsibility to assign the correct exemption and ensure the transaction meets the necessary criteria for said exemption.
- If a transaction is successfully exempted from 3D Secure authentication, it will forgo the liability shift, meaning that if fraud occurs on the exempted transactions, you will be financially liable for the subsequent chargeback. The exact terms will depend on the relevant card issuer.
- There are also certain situations where the card issuer may apply an exemption automatically (even if you do not request one) if certain conditions are met, in order to streamline the purchasing experience for the customer. If this occurs, the liability shift will not be affected.
Card issuers may enforce additional requirements for certain exemptions to be applied. They reserve the right to reject the request for an exemption. If this occurs, a soft decline may be returned in the Authorisation response, requiring further action to complete the transaction. Learn about soft declines.
The following exemptions are supported for Trust Payments-acquired merchants:
1. Applying Transaction Risk Analysis (TRA) exemptions at authentication stage
About Transaction Risk Analysis (TRA)
You can request a Transaction Risk Analysis (TRA) exemption for transactions deemed to be low risk. TRA is a frequently-applied exemption that is designed to allow merchants who are processing low-risk transactions to process transactions without the need for additional verification methods. By submitting a transaction with a TRA exemption, it is expected that you have performed your own risk analysis and are satisfied that the transaction is low risk, because you are forgoing liability shift and will assume financial responsibility for any chargebacks raised.
Applying exemptions at the authentication stage allows the EMV 3DS process to provide more information to the issuing bank, so they can make a more informed decision when choosing to allow/deny an applied exemption. This exemption will then be received by both the 3DS provider and your acquiring bank.
Before applying a Transaction Risk Analysis (TRA) exemption, you must ensure you have permission to do so from your acquiring bank and that Trust Payments supports this with your acquirer.
You must ensure EMV 3DS is enabled on your site reference (contact our Support Team if you are unsure). Then you must include the scaexemptionindicator field in the POST to Trust Payments.
| Field | Format | Description | |
| Conditional | scaexemptionindicator | Numeric (1) |
Required if flagging a transaction as exempt from EMV 3DS. Submit 2 to indicate Transaction Risk Analysis (TRA). |
You must include the scaexemptionindicator field in the JWT payload, with requesttypedescriptions ["THREEDQUERY","AUTH"].
| Field | Format | Description | |
| Conditional | scaexemptionindicator | Numeric (1) |
Required if flagging a transaction as exempt from EMV 3DS. Submit 2 to indicate Transaction Risk Analysis (TRA). |
If you are using our 3DS API to perform the authentication (as described here), you must include the scaexemptionindicator field in the THREEDQUERY request.
If you are using our JavaScript Library to perform the authentication (as described here), you must include the scaexemptionindicator field in the JWT payload, with requesttypedescriptions ["THREEDQUERY"].
| Field | Format | Description | |
| Conditional | scaexemptionindicator XPath: /operation/scaexemptionindicator |
Numeric (1) |
Required if flagging a transaction as exempt from EMV 3DS. Submit 2 to indicate Transaction Risk Analysis (TRA). |
You must include the scaexemptionindicator field in the JWT payload, with requesttypedescriptions ["THREEDQUERY","AUTH"].
| Field | Format | Description | |
| Conditional | scaexemptionindicator | Numeric (1) |
Required if flagging a transaction as exempt from EMV 3DS. Submit 2 to indicate Transaction Risk Analysis (TRA). |
2. Applying Low Value Exemptions (LVE) at authorisation stage
Low Value Exemptions (LVE) allow low-value transactions to bypass Strong Customer Authentication (SCA), reducing friction at checkout. The exemption is applied when attempting to seek authorisation for the transaction from the issuing bank.
Low Value Exemptions (LVE) carry a notable risk of soft decline:
- Many card issuers prefer to authenticate transactions via their own frictionless flow rather than honour the exemption.
- A soft decline will also occur automatically if, since SCA was last performed, the customer has made 5 purchases or collectively spent more than €100 (EUR) across multiple stores.
Before applying an exemption, you must ensure you have permission to do so from your acquiring bank.
- You must contact our Support Team and request Enhanced Post is enabled on your site reference.
Learn about Enhanced Post. - You must update your POST to Trust Payments to include the field requesttypedescriptions=AUTH, and also scaexemptionindicator=1 with one of the following supported values:
| Field | Format | Description | |
| Conditional | scaexemptionindicator | Numeric (1) | Required if flagging a transaction as exempt from EMV 3DS. Submit "1" to indicate a Low Value Exemption (LVE). |
Example
<html>
<body>
<form method="POST" action="<DOMAIN>/process/payments/choice">
<input type="hidden" name="sitereference" value="test_site12345">
<input type="hidden" name="stprofile" value="default">
<input type="hidden" name="currencyiso3a" value="GBP">
<input type="hidden" name="mainamount" value="1.00">
<input type="hidden" name="version" value="2">
<input type="hidden" name="requesttypedescriptions" value="AUTH">
<input type="hidden" name="scaexemptionindicator" value="1">
<input type="submit" value="Pay">
</form>
</body>
</html>
Replace <DOMAIN> with a supported domain. View full domain list.
You must include scaexemptionindicator=1 in the JWT payload, with requesttypedescriptions ["AUTH"].
| Field | Format | Description | |
| Conditional | scaexemptionindicator | Numeric (1) | Required if flagging a transaction as exempt from EMV 3DS. Submit "1" to indicate a Low Value Exemption (LVE). |
You must include scaexemptionindicator=1 in the AUTH request.
| Field | Format | Description | |
| Conditional | scaexemptionindicator XPath: /operation/scaexemptionindicator |
Numeric (1) | Required if flagging a transaction as exempt from EMV 3DS. Submit "1" to indicate a Low Value Exemption (LVE). |
You must include the scaexemptionindicator=1 in the JWT payload, with requesttypedescriptions ["AUTH"].
| Field | Format | Description | |
| Conditional | scaexemptionindicator | Numeric (1) | Required if flagging a transaction as exempt from EMV 3DS. Submit "1" to indicate a Low Value Exemption (LVE). |
