The arrival of PSD2 SCA is a good sign for digital commerce, because it will make it safer and more secure for consumers to transact in the digital world. But on the backend, these extra security measures can sometimes create unwanted friction for consumers. That’s where exemptions come into play.
There are exemptions within this mandate, which all refer to different types of transactions where issuers can bypass the requirements for Strong Customer Authentication, to expedite the transaction. Some exemptions deal with point-of-sale transactions, which aren’t relevant to this discussion.
The other exemptions in PSD2 SCA deal with the following types of transactions:
- Recurring Transactions.
- Low-Value Transactions. “Low-Value” is defined as any amount below €30.
- One Leg Out.
- Low-Risk Transactions. These transactions go through Transaction Risk Analysis (TRA). Issuers and Acquirers only qualify for this exemption if they maintain a certain fraud rate.
- Transactions with Trusted Beneficiaries.
While some of these exemptions are straightforward, others are a little more complex.
The One Leg Out exemption refers to transactions where either the issuer or acquirer is located outside the European Economic Area (EEA), while the Trusted Beneficiary exemption deals with transactions between consumers and the merchants they trust and deal with on a regular basis. The consumer controls their list of trusted beneficiaries and works with their issuing bank to maintain it.
It’s important to have a working knowledge of these exemptions, so that you are aware of how they may affect your business. We will talk more about how certain approaches to these exemptions differ between different merchants in the digital commerce space in the coming weeks. Stick with us!
Stay tuned for more informative posts about this topic but, while you’re waiting, think about how you’re planning to approach, and deal with, these exemptions.