For transactions within the scope of PSD2, you or Adyen can request for an SCA exemption if the transaction meets any of the criteria in the following list. The issuer decides if the exemption is granted or not. For some types of transaction, the issuer can grant an exemption without you or Adyen requesting for it.
If a transaction is in scope of PSD2 SCA, by default Adyen will apply and request for the most suitable exemption type on your behalf. If you want to manage exemption requests on your own, see Managing PSD2 compliance.
You can request for exemptions for the following types of transactions:
- Low Value: Transactions under EUR 30 do not require SCA but the issuing bank will keep track of certain counters such as the number of transactions or the sum of transaction amounts. If the shopper's transactions for one card exceed the counter, for example, after five consecutive transactions or if the sum exceeds EUR 100, the issuing bank will require SCA.
- Low Risk / Transaction Risk Analysis (TRA): Issuing banks can consider transactions as low risk based on the average fraud levels of the card issuer, or of the acquirer processing the transaction, or of both.
TRA has two kinds of implementation:
- TRA exemption request from you or your acquirer: You can request the issuer for a TRA exemption if your fraud levels are below fraud thresholds. If the exemption is granted, the chargeback liability stays with you.
- TRA exemption from the issuer: The card issuer can apply the TRA exemption even if you or your acquirer did not request for it. Send additional information in your payment request to maximize the probability of getting the exemption. The chargeback liability shifts to the issuer.
- Recurring transactions with exact same amount. This exemption is expected to be overridden by MIT and might be considered as out of scope.
- Whitelisted Merchants or Trusted Beneficiaries: After a strongly authenticated payment session, shoppers can add the merchant to a whitelist for the issuer. In 3D Secure 2, shoppers will be able to select a check box to add the merchant to a whitelist. The issuing bank will not require SCA on the next payments for the same merchant. However, note that this exemption depends on whether the issuer supports whitelisting.
- Secure corporate payments: These are payments made through dedicated corporate processes initiated by businesses and not available for consumers. Examples are payments made through central travel accounts, lodged cards, virtual cards, and secure corporate cards, such as those used in a corporate travel management system.