Get in touch

PSD2 SCA

A lot has been written about PSD2 and Strong Customer Authentication (SCA). This blog post provides insight into transactions where SCA does not apply.
PSD2
Enforcement of SCA

A quick reminder: enforcement of SCA is mandated by the ECB as of 31 December 2020. The exception is the UK, where SCA will be enforced on 14 September 2021.

Enforcement will not happen by the ECB itself but by the national authorities. The PSD2 mandate is for the banks, not for merchants. However, if a merchant does not support SCA, issuing banks will start to refuse their transactions. To avoid this, both Visa and Mastercard require merchants to support EMV 3DS 2.1 or above.

Merchants and their payment service providers need to support transactions where SCA is not applicable (out-of-scope/excluded of PSD2), not desired (exempted from SCA to avoid shopping cart abandonment), or not possible (when the cardholder is not interacting with the merchant’s platform).

Exclusions (SCA not applicable)

Transactions excluded from the PSD2 mandate are:

  • Transactions initiated by mail or telephone order (MOTO transactions).

  • Transactions with a card issued outside the European Economic Area (EEA) acquired from within the EEA or vice versa (one-leg transactions).

  • Transactions where an anonymous pre-paid card is used.

Unless the merchant requests so, issuing banks will not apply strong authentication for the above transactions.

Exemptions (SCA not desirable)

Both the acquirer and the issuer can initialize an exemption to the SCA mandate.

The following are exemptions applied by the issuer:

  • Transactions from merchants whitelisted by the cardholder.

  • Secure corporate transactions.

  • Low-risk transactions (depending on issuer fraud levels).

  • Low-value transaction (below 30 euro), but not exceeding counter and volume limits.

In the above cases, the merchant is best off by initializing a 3DS authentication. If an issuer exemption applies, the cardholder will not notice that 3DS authentication was initialized. Fraud liability lies with the issuer if the merchant has initialized 3DS authentication.

The following exemptions can be requested by the merchant:

  • Low-risk transactions (depending on acquirer fraud levels).

  • Low-value transaction (below 30 euro), but not exceeding counter and volume limits.

  • Delegation of SCA (for example by a wallet provider like Apple Pay or Samsung Pay).

Fraud liability lies with the merchant in these cases. It is up to the issuer to decide whether to accept these exemptions or not. The issuer may also soft decline a transaction by indicating this in the authorization response. In that case, the merchant should retry the transaction, but with SCA authentication. Ideally, the payment service provider will retry this automatically for the merchant.

Recurring Transactions and Merchant Initiated Transactions (SCA not possible)

In the case of transaction series where the subsequent transaction is not triggered by the cardholder (for example subscriptions, bill payments or additional charges) the SCA mandate applies only to the first transaction of the series. One-click purchases – where the card is stored on file for later usage triggered by the cardholder – are included in the PSD2 SCA mandate.

Fraud liability of a subsequent transaction depends on the status of the first transaction of the series. Therefore it is important to indicate that a transaction is the first of a series during the authentication. For subsequent transactions, the authentication value of the first transaction can be reused to get the liability shift from merchant to issuer.

The SCA authentication is not a standalone process, but also impacts authorization and clearing messages, and needs to be supported by your acquirer.

Read also

DisputeHelp x Silverflow
Silverflow Partners with DisputeHelp to provide seamless processing and dispute management

Silverflow and DisputeHelp provide payment companies with state-of-the-art payment processing along with end-to-end dispute management services.

Read more
3DS for Payments Explained
3D Secure for Payments Explained

In an era dominated by digital advancements, the landscape of financial transactions is constantly evolving. One such innovation that has...

Silverflow x Wealthon Announcement
Silverflow partners with Wealthon to boost next-generation financial tools for small businesses

Silverflow, a leading cloud platform for global card processing, and Wealthon, a modern financing ecosystem for entrepreneurs, have entered into...

Curious about what the platform has to offer?

Get in touch