Better conversion rate with Saferpay and SCA exemptions


Better conversion rate with Saferpay and SCA exemptions

What you need to know: Exemptions for strong customer authentication (SCA)

Strong customer authentication (SCA) is a new requirement for European payment transactions that aims to reduce fraud and make online payments more secure. Strong customer authentication, nevertheless, requires an additional step in the payment process that can lower conversion rate and, in the worst case, result in aborted payment.

The EU Payment Services Directive PSD2 provides for exemptions for certain low-risk scenarios and specifies criteria that allow a transaction to take place without strong customer authentication. As a merchant, you stand to benefit from increased security thanks to strong customer authentication as well as from better conversion rates for low-risk transactions thanks to SCA exemptions.

In this blog post, you will learn when strong customer authentication is required and how and in which cases you can request exemptions.

Technical documentation

What is strong customer authentication?

Remember that strong customer authentication requires all payment transactions – apart from the specified exemptions – to be strongly secured, and at least two of the following three factors must be used for this purpose:

Knowledge:

Password
PIN
Secret question
Numerical sequence

Possession:

Mobile phone
Wearable devices
Token
Smartcard

Inherence:

Fingerprint
Voice recognition
Iris recognition
Facial features

The cardholder’s bank then asks the cardholder to enter additional information during the payment process. This could, for example, be a unique code sent to his mobile phone or the fingerprint authentication via his mobile banking app.

What are the exemptions from strong customer authentication?

PSD2 provides for a number of exemptions for which, although the cardholder does not need to perform strong customer authentication, the transactions, nevertheless, undergo “full 3-D Secure authentication”. These SCA exemptions simplify the payment process for your customers, which in turn increases the conversion rate.

The following exemptions are relevant for you as a merchant:

Small amounts Recurring payments
Whitelisting Low risk
Payments up to EUR 30 - up to the limit of EUR 100 in total or five consecutive payments. From the second transaction on-going to the same recipient and the same amount. The cardholder creates a whitelist for trusted merchants. Risk assessment of a transaction with amounts within defined thresholds.

How you can benefit from the strong customer authentication exemptions

As a Saferpay customer with an acquiring contract from Worldline, you can request exemptions for small amounts, recurring payments and low-risk transactions. Recurring transactions by Worldline customers are automatically identified and a corresponding exemption is requested if they are executed in accordance with the specification.

The cardholder’s bank decides whether an exemption request is granted or rejected. When requesting an exemption for a transaction that meets the specifications, you should take the following into account:

  1. The merchant bears the liability for this transaction.
  2. The cardholder’s bank can still reject the exemption and enforce SCA. The card issuer assumes liability in this case.

What is needed for an exemption request

You may request an SCA exemption under the following conditions:

  • Your acquirer, if not Worldline, supports strong customer authentication exemptions.
  • You have a contractual agreement with your acquirer the covers the execution of SCA exemptions.
  • You can perform a real-time risk analysis of transactions.
  • You ensure that SCA exemptions are only requested for transactions for which exemptions may be requested according to the PSD2 definition.

SCA is not mandatory in the following cases

There is no SCA obligation and thus no need to request exemptions in the following cases:

  • Anonymous prepaid cards
  • Mail orders and telephone orders (MOTO transactions)
  • Interregional / “one leg” transactions (if the merchant’s registered office or the buyer’s address is outside the European Economic Area, EEA)
  • Transactions initiated by the payee

Technical documentation

The SCA exemptions section of the Saferpay Integration Guide contains all necessary technical details on how to request transaction exemptions: 

https://saferpay.github.io/sndbx/psd2.html

FAQ