For developers: Find out how to use flags to request that a payment is exempt or excluded from Payment Services Directive 2 (PSD2) Strong Customer Authentication (SCA).
3-D-Secure version 2.x (2.1. onwards) enables you to flag payments as exempt or excluded (because they are out of scope) from having Payment Services Directive 2 (PSD2) Strong Customer Authentication (SCA) applied.
These flags only indicate a request for an exemption or exclusion. The final decision is made by the customer’s bank (Issuer). Even if a transaction has been flagged as exempt or excluded, the bank may determine that, due to their own risk rules, SCA is required.
We currently support requests for:
- Exemptions:
- Low value payments (Mastercard and Visa) on our Acquring platform only. (Low value payments are not supported yet on the Cashflows Gateway).
- Recurring payments (Mastercard and Visa).
- Exclusions (out of scope payments):
- Merchant Initiated transactions (MITs) (Mastercard only).
Important: Although repeat payments initiated by Merchants (MITs / Continuous Authorisation Payments) are exempt/excluded, the first transaction in a series of recurring/repeat payments must have 3DS checks applied.
If you’re a developer working for a merchant, or one of our partners, you are responsible for:
- Sending us the data that we need so that we can apply the necessary 3DS checks. For information, see What 3-D Secure data do I need to include in payment requests?
- Telling us if a payment request is exempt or excluded from having SCA applied.
Important: If a transaction does not require SCA, either because it is exempt or excluded, it must be correctly flagged. Otherwise, it may be declined.
For more information, visit:
-
- EMV 3-D Secure Specification
- Visa website: Visa 3-D Secure 2.0
- Mastercard website: Top 10 things to know about 3-D Secure