Sign up

Introduction

Although 3-D Secure is now mandatory for online transactions, SCA regulations allow to skip 3-D Secure altogether in some cases. Checking the requirements for that adds complexity to your integration, especially when you need to weight customer experience and conversion rate against Fraud Prevention.

Therefore, we are happy to offer you the Exemption Engine feature. It implements this process by automatically:

You can keep sending all your flow to one account, as the Exemption Engine will automatically filter your transactions which are not eligible for exemptions.

The following exemptions are in scope:

  • Low amount transactions: For transactions below 30€ (or equivalent in another currency). However, SCA is applicable if your customers make either
    • Five consecutive transactions without authentication
      Or
    • A transaction higher than 100€

      In cases like these, the issuer refuses the exemption and we will reinitiate SCA

  • Acquirer Transaction Risk Analysis (TRA): For transactions considered low fraud risk. As your acquirer is liable and overlooks the overall portfolio of the transactions (transaction value, fraud rate), it grants an exemption or not. Contact your acquirer for details

The following are not in scope:

  • Transactions for payment methods:
    JCB
    Diners Club
  • For transactions you send with parameter cardPaymentMethodSpecificInput.threeDSecure.challengeIndicator (i.e. for Card On File).
  • Transactions above 500€.
  • Transactions out of SCA scope.

Based on the overall picture, our platform will automatically skip or roll-out 3-D Secure, steering the overall payment flow accordingly.

Understand payment flow

This is a high-level payment flow covering only the mandatory steps. Regardless of the mode you choose, the flow follows some basic steps as described below. Learn in our dedicated guides about the individual differences

Our Exemption Engine is available for or all our integration modes and blends in seamlessly in the payment flow.

  1. You send a CreatePayment/CreateHostedCheckout request to our platform, including at least the mandatory 3-D Secure and as many Fraud Prevention properties as possible
  2. Your Fraud Prevention module calculates the Global Fraud Score and checks whether the transaction is applicable for the Exemption Engine flow:
    a. If any of the criteria is met, the flow continues at 3
    b. If not, the flow continues at 4
  3. We submit the actual financial transaction to the acquirer to process it. We receive the transaction result. The flow continues at 7
  4. We submit the actual financial transaction to the acquirer with a preference for frictionless flow. If the issuer does not accept the frictionless flow, we will automatically recover the transaction via Soft Decline
  5. We receive the transaction result
  6. We redirect your customer to your returnUrl
  7. You request the transaction result from our platform via GetPayment or receive the result via webhooks
  8. If the transaction was successful, you can deliver the goods / service

Integrate Exemption Engine

To use the Exemption Engine, make sure to fulfil these requirements:

  • Contact us to inform us you would like to use the Exemption Engine. Provide us with a list of PSPIDs so we can configure them accordingly
  • Activate either Fraud Expert Scoring or Fraud Expert Checklist, as the Exemption Engine is part of these modules. Configure it properly and send as many Fraud Prevention properties in your CreateHostedCheckout/CreatePayment request as possible. Contact us to activate and set it up for you
  • Make sure your integration complies to SCA by sending at the mandatory parameters for 3-D Secure

Depending on the integration mode, differences apply. Find an example for all in the "Integration" tab for the respective payment. Make sure to add as many Fraud Prevention properties as possible:

American Express
MasterCard
Visa

If you use the Exemption Engine solution, you acknowledge and accept that a successful exemption does not always comply to the SCA protocol. Consequently, you are liable for these exemptions if these turn out to be fraudulent

Was this page helpful?

Do you have any comments?

Thank you for your response.