An exemption from Strong Customer Authentication is applied for a series of remote transactions for the same amount to a single beneficiary. However, Strong Customer Authentication is required for the first transaction (the contract) or for each modification of the series conditions.
An exemption from Strong Customer Authentication for a low value remote payment can be invoked:
➔ If the amount of the transaction does not exceed EUR 30.
➔ If, since the last transaction with Strong Customer Authentication of the holder, the maximum amount of low value remote transactions, regardless of the merchant, or the number of low value remote transactions does not exceed a ceiling (velocity criteria) defined by the RTS-SCA (max EUR 100 or 5 transactions, at the issuer’s discretion, which can also lower these ceilings).
- Transactional Risk Analysis
The exemption from Strong Customer Authentication for a remote transaction referred to as ‘risk analysis’ can be invoked by the acquirer (on behalf of the merchant) and by the issuer if the following two conditions are met:
➔ That the transaction is declared safe (for example, no infection of the user’s workstation by a malware, no abnormal disbursements by the payer, location of the payer, transactions history, etc.).
➔ That the fraud rate (for remote transactions) for the payment establishment (for Bank acquirer and for Bank issuer but and not for the merchant or his PSP) is below preset ceilings:
➩ 0,13% if the amount of the transaction is less than EUR 100.
➩ 0,06% if the amount of the transaction is less than EUR 250.
➩ 0,01% if the amount of the transaction is less than EUR 500.
➩ Exemption not applicable for transactions of over EUR 500.