Exemption Engine
Introduction
Although 3-D Secure is now mandatory for online transactions, SCA regulations allow to skip 3-D Secure altogether in some cases. Checking the requirements for that adds complexity to your integration, especially when you need to weight customer experience and conversion rate against Fraud Prevention.
Therefore, we are happy to offer you the Exemption Engine feature. It implements this process by automatically:
- Scanning incoming transactions, rolling out or skipping 3-D Secure appropriately.
- Steering the flow to Soft Decline and/or challenge/frictionless flow when applicable.
You can keep sending all your flow to one account, as the Exemption Engine will automatically filter your transactions which are not eligible for exemptions.
The following exemptions are in scope:
- Low amount transactions: For transactions below 30€ (or equivalent in another currency). However, SCA is applicable if your customers make either:
- Five consecutive transactions without authentication.
Or - A transaction higher than 100€.
In cases like these, the issuer refuses the exemption and we will reinitiate SCA.
- Five consecutive transactions without authentication.
- Acquirer Transaction Risk Analysis (TRA): For transactions considered low fraud risk. As your acquirer is liable and overlooks the overall portfolio of the transactions (transaction value, fraud rate), it grants an exemption or not. Contact your acquirer for details.
- Low Risk Merchant Program (LRMP) by Cartes Bancaires: For transactions below 100€, CB guarantees mostly frictionless flows, but you are liable for such cases. Contact Cartes Bancaires for more details.
The following are not in scope:
- Transactions for payment methods:
JCB
Diners Club - For transactions you send with parameter cardPaymentMethodSpecificInput.threeDSecure.challengeIndicator (i.e. for Card On File).
- Transactions above 500€.
- Transactions out of SCA scope.
Based on the overall picture, our platform will automatically skip or roll-out 3-D Secure, steering the overall payment flow accordingly.
- Exemption Engine is available for the following payment methods:
American Express
Cartes Bancaires
MasterCard
Visa
via all integration modes. - Exemption Engine can be used together with our Fraud Prevention Silver/Fraud Prevention Gold solution.
Payment Flow
This is a high-level payment flow covering only the mandatory steps. Regardless of the mode you choose, the flow follows some basic steps as described below. Learn in our dedicated guides about the individual differences:
Our Exemption Engine is available for all our integration methods and blends in seamlessly in the payment flow.
- You send a CreatePayment/CreateHostedCheckout request to our platform, including at least the mandatory 3-D Secure and as many Fraud Prevention properties as possible.
- Your Fraud Prevention performs the Risk Score Calculation/Rule Engine Decision and checks whether the transaction is applicable for the Exemption Engine flow:
a. If any of the criteria is met, the flow continues at 3.
b. If not, the flow continues at 4. - We submit the actual financial transaction to the acquirer to process it. We receive the transaction result. The flow continues at 7.
- We submit the actual financial transaction for authorisation to the acquirer. Depending on the payment method, the following scenarios are possible:
a. Visa/MasterCard/American Express: We submit the transaction with a preference for frictionless flow. If the issuer does not accept the frictionless flow, we will automatically recover the transaction via Soft Decline.
b. Cartes Bancaires: We submit the transaction with a preference for frictionless flow. - We receive the transaction result.
- We redirect your customer to your returnUrl.
- You request the transaction result from our platform via GetPaymentDetails/GetHostedCheckout or receive the result via webhooks.
- If the transaction was successful, you can deliver the goods / service.
Integration
To use the Exemption Engine, make sure to fulfil these requirements:
- Contact us to inform us you would like to use the Exemption Engine. Provide us with a list of PSPIDs so we can configure them accordingly.
- Activate either Fraud Prevention Silver/Fraud Prevention Gold. Once either is configured properly, send as many additional properties as possible in your CreateHostedCheckout/CreatePayment request. Find a list of these in the dedicated chapter in our Fraud Prevention guide.
- Make sure your integration complies to SCA by sending at the mandatory parameters for 3-D Secure.
- Sign an agreement with your acquirer(s) for a Transaction Risk Analysis (TRA). Inform us about threshold you agreed upon.
- If you offer Cartes Bancaires, join their Low Risk Merchant Program (LRMP). Inform us about the implementation. Once you have joined, send the following additional parameters in your Cartes Bancaires requests:
order.customer.billingaddress
city
countryCode
street
zip
order.customer.contactDetails
emailAddress
phoneNumber
order.shipping.adressIndicator.fraudFields.customerIPaddress
Depending on the integration method, differences apply. Find an example for all in the "Integration" tab for the respective payment. Make sure to add as many Fraud Prevention properties as possible:
- American Express
- Cartes Bancaires
- MasterCard
- Visa