worldline Direct
Sign up


Although 3-D Secure is now mandatory for online transactions, SCA regulations allow to skip 3-D Secure altogether in some cases. Checking the requirements for that adds complexity to your integration, especially when you need to weight customer experience and conversion rate against Fraud Prevention.

Therefore, we are happy to offer you the Exemption Engine feature. It implements this process by automatically:

You can keep sending all your flow to one account, as the Exemption Engine will automatically filter your transactions which are not eligible for exemptions.

The following exemptions are in scope:

  • Low amount transactions: For transactions below 30€ (or equivalent in another currency). However, SCA is applicable if your customers make either:
    • Five consecutive transactions without authentication.
    • A transaction higher than 100€.

      In cases like these, the issuer refuses the exemption and we will reinitiate SCA.

  • Acquirer Transaction Risk Analysis (TRA): For transactions considered low fraud risk. As your acquirer is liable and overlooks the overall portfolio of the transactions (transaction value, fraud rate), it grants an exemption or not. Contact your acquirer for details.
  • Low Risk Merchant Program (LRMP) by Carte Bancaire: For transactions below 100€, CB guarantees mostly frictionless flows, but you are liable for such cases. Contact Carte Bancaire for more details.

The following are not in scope:

  • Transactions for payment methods:
    Diners Club
  • For transactions you send with parameter cardPaymentMethodSpecificInput.threeDSecure.challengeIndicator (i.e. for recurring payments).
  • Transactions above 500€.
  • Transactions out of SCA scope.

Based on the overall picture, our platform will automatically skip or roll-out 3-D Secure, steering the overall payment flow accordingly.

Understand payment flow

This is a high-level payment flow covering only the mandatory steps. Regardless of the mode you choose, the flow follows some basic steps as described below. Learn in our dedicated guides about the individual differences:

Our Exemption Engine is available for or all our integration modes and blends in seamlessly in the payment flow.

  1. You send a CreatePayment/CreateHostedCheckout request to our platform, including at least the mandatory 3-D Secure and as many Fraud Prevention properties as possible.
  2. Your Fraud Prevention performs the Risk Score Calculation/Rule Engine Decision and checks whether the transaction is applicable for the Exemption Engine flow:
    a. If any of the criteria is met, the flow continues at 3.
    b. If not, the flow continues at 4.
  3. We submit the actual financial transaction to the acquirer to process it. We receive the transaction result. The flow continues at 7.
  4. We submit the actual financial transaction for authorisation to the acquirer. Depending on the payment method, the following scenarios are possible:
    a. Visa/MasterCard/American Express:  We submit the transaction with a preference for frictionless flow. If the issuer does not accept the frictionless flow, we will automatically recover the transaction via Soft Decline.
    b. Carte Bancaire: We submit the transaction with a preference for frictionless flow.
  5. We receive the transaction result.
  6. We redirect your customer to your returnUrl.
  7. You request the transaction result from our platform via GetPayment or receive the result via webhooks.
  8. If the transaction was successful, you can deliver the goods / service.

Integrate Exemption Engine

To use the Exemption Engine, make sure to fulfil these requirements:

  • Contact us to inform us you would like to use the Exemption Engine. Provide us with a list of PSPIDs so we can configure them accordingly.
  • Activate either Fraud Prevention Silver/Fraud Prevention Gold. Once either is configured properly, send as many additional properties as possible in your CreateHostedCheckout/CreatePayment request. Find a list of these in the dedicated chapter in our Fraud Prevention guide.
  • Make sure your integration complies to SCA by sending at the mandatory parameters for 3-D Secure.
  • Sign an agreement with your acquirer(s) for a Transaction Risk Analysis (TRA). Inform us about threshold you agreed upon.
  • If you offer Carte Bancaire, join their Low Risk Merchant Program (LRMP). Inform us about the implementation. Once you have joined, send the following additional parameters in your Carte Bancaire requests:

Depending on the integration mode, differences apply. Find an example for all in the "Integration" tab for the respective payment. Make sure to add as many Fraud Prevention properties as possible:

  • American Express
  • Carte Bancaire
  • MasterCard
  • Visa
If you use the Exemption Engine solution, you acknowledge and accept that a successful exemption does not always comply to the SCA protocol. Consequently, you are liable for these exemptions if these turn out to be fraudulent.

Was this page helpful?

Do you have any comments?

Thank you for your response.