Out-of-scope transactions are transactions not covered by the PSD2 mandate. The issuing bank will not apply any strong authentication and guarantees that shoppers will not be presented with an authentication challenge, unless you specifically ask for 3D Secure in your payment request.
Out-of-scope transactions include:
- Interregional transactions: Payments where the card was issued outside of Europe or where the country you are acquiring from is outside of Europe. Some European issuing banks are expected to require SCA anyway even if a payment is acquired outside of Europe.
- Merchant-Initiated Transactions (MIT) and Direct Debits: A payment or a series of payments with fixed or variable amounts that the merchant performs without direct involvement of the shopper. Examples are subscriptions, automatic account top-ups, and instalments. The initial transaction should have gone through SCA and the shopper should have agreed to the terms and conditions of the succeeding MITs. To ensure that your transaction is accurately classified as MIT, see SCA requirements based on business models for more information on MIT implementation. Adjust authorizations are also considered MIT.
- Mail Order and Telephone Orders (MOTO): MOTO transactions are not considered to be electronic payments, so these are out of the scope of the regulation.
- Anonymous cards: This type of cards can only be identified by the issuing bank. For example, anonymous prepaid cards.