SCA Exemptions

Exemptions from Strong Customer Authentication (SCA)

Under regulations like PSD2 (EU) or based on card scheme rules, certain transactions may be exempted from requiring full 3DS authentication.

What is an Exemption?

An exemption allows a transaction to bypass strong customer authentication (SCA) while still complying with regulatory requirements.

flowchart LR
 A[Transaction with exemption request] --- B[fa:fa-spinner Does the issuer accept the exemption?]
 B --> C[fa:fa-check YES]
 B --> D[fa:fa-ban NO]
 C --> E[Frictionless flow]
 D --> F[Challenge flow]

Please note: The issuer makes the final decision to accept or reject the exemption.

Common Exemption Types

| Exemption Type | Description |
|---|---|
| Low-Value Transactions | Payments under €30 (or local equivalent). Limited to 5 uses or €100 total. |
| Trusted Beneficiaries | Cardholder has whitelisted the merchant. |
| Corporate Payments | Applies to secure B2B or corporate payment systems. |

How Does an Exemption Work?

  1. Merchant flags transaction with exemption indicator.
  2. Exemption request is forwarded to the issuer.
  3. Issuer:
    • Accepts → proceeds frictionlessly.
    • Rejects → triggers challenge.

What If an Exemption Is Rejected?

  • Issuer triggers a challenge flow instead.
  • Your system must be ready to handle that shift.
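
The accept/reject steps and the fallback to a challenge, as an added example that is not part of the original page or any provider's API. It models the low-value exemption with the limits from the table above; `IssuerCardState`, `pay`, the counter reset after a completed challenge, and the sample amounts are assumptions made for illustration.

```python
from dataclasses import dataclass
from decimal import Decimal

# Limits taken from the exemption table on this page.
LOW_VALUE_MAX = Decimal("30")    # a single payment must be under EUR 30
CUMULATIVE_MAX = Decimal("100")  # total exempted amount
COUNT_MAX = 5                    # number of exempted payments

@dataclass
class IssuerCardState:
    # Hypothetical issuer-side counters; the merchant never sees these,
    # which is why it cannot predict whether an exemption will be accepted.
    exempt_count: int = 0
    exempt_total: Decimal = Decimal("0")

    def decide(self, amount: Decimal, exemption_requested: bool) -> str:
        """Issuer decision: 'frictionless' if accepted, else 'challenge'."""
        accepted = (
            exemption_requested
            and amount < LOW_VALUE_MAX
            and self.exempt_count < COUNT_MAX
            and self.exempt_total + amount <= CUMULATIVE_MAX
        )
        if accepted:
            self.exempt_count += 1
            self.exempt_total += amount
            return "frictionless"
        return "challenge"

    def challenge_completed(self) -> None:
        # Assumption: a completed challenge (full SCA) resets both counters.
        self.exempt_count = 0
        self.exempt_total = Decimal("0")

def pay(issuer: IssuerCardState, amount: str, complete_challenge) -> str:
    """Merchant side: request the exemption, but always handle a challenge."""
    flow = issuer.decide(Decimal(amount), exemption_requested=True)
    if flow == "frictionless":
        return "authenticated-frictionless"
    # Exemption rejected: run the challenge flow instead of failing the payment.
    if not complete_challenge():
        return "declined"
    issuer.challenge_completed()
    return "authenticated-after-challenge"

def run_constructed_sequence() -> list:
    # Constructed amounts: the 5th would exceed EUR 100 total, the 7th is over EUR 30.
    issuer = IssuerCardState()
    amounts = ["25", "25", "25", "25", "25", "10", "45"]
    return [pay(issuer, a, complete_challenge=lambda: True) for a in amounts]
```
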

3DS 2 Flow with exemption request