worldline Direct
Sign up

Exemption Engine

    Introduction

    Although 3-D Secure is now mandatory for online transactions, SCA regulations allow to skip 3-D Secure altogether in some cases. Checking the requirements for that adds complexity to your integration, especially when you need to weight customer experience and conversion rate against Fraud Prevention.

    Therefore, we are happy to offer you the Exemption Engine feature. It implements this process by automatically:

    You can keep sending all your flow to one account, as the Exemption Engine will automatically filter your transactions which are not eligible for exemptions.

    The following exemptions are in scope:

    • Low amount transactions: For transactions below 30€ (or equivalent in another currency). However, SCA is applicable if your customers make either:
      • Five consecutive transactions without authentication.
        Or
      • A transaction higher than 100€.

        In cases like these, the issuer refuses the exemption and we will reinitiate SCA.

    • Acquirer Transaction Risk Analysis (TRA): For transactions considered low fraud risk. As your acquirer is liable and overlooks the overall portfolio of the transactions (transaction value, fraud rate), it grants an exemption or not. Contact your acquirer for details.
    • Low Risk Merchant Program (LRMP) by Cartes Bancaires: For transactions below 100€, CB guarantees mostly frictionless flows, but you are liable for such cases. Contact Cartes Bancaires for more details.

    The following are not in scope:

    • Transactions for payment methods:
      JCB
      Diners Club
    • For transactions you send with parameter cardPaymentMethodSpecificInput.threeDSecure.challengeIndicator (i.e. for Card On File).
    • Transactions above 500€.
    • Transactions out of SCA scope.

    Based on the overall picture, our platform will automatically skip or roll-out 3-D Secure, steering the overall payment flow accordingly.

    Payment Flow

    This is a high-level payment flow covering only the mandatory steps. Regardless of the mode you choose, the flow follows some basic steps as described below. Learn in our dedicated guides about the individual differences:

    Our Exemption Engine is available for all our integration methods and blends in seamlessly in the payment flow.

    1. You send a CreatePayment/CreateHostedCheckout request to our platform, including at least the mandatory 3-D Secure and as many Fraud Prevention properties as possible.
    2. Your Fraud Prevention performs the Risk Score Calculation/Rule Engine Decision and checks whether the transaction is applicable for the Exemption Engine flow:
      a. If any of the criteria is met, the flow continues at 3.
      b. If not, the flow continues at 4.
    3. We submit the actual financial transaction to the acquirer to process it. We receive the transaction result. The flow continues at 7.
    4. We submit the actual financial transaction for authorisation to the acquirer. Depending on the payment method, the following scenarios are possible:
      a. Visa/MasterCard/American Express:  We submit the transaction with a preference for frictionless flow. If the issuer does not accept the frictionless flow, we will automatically recover the transaction via Soft Decline.
      b. Cartes Bancaires: We submit the transaction with a preference for frictionless flow.
    5. We receive the transaction result.
    6. We redirect your customer to your returnUrl.
    7. You request the transaction result from our platform via GetPaymentDetails/GetHostedCheckout or receive the result via webhooks.
    8. If the transaction was successful, you can deliver the goods / service.

    Integration

    To use the Exemption Engine, make sure to fulfil these requirements:

    • Contact us to inform us you would like to use the Exemption Engine. Provide us with a list of PSPIDs so we can configure them accordingly.
    • Activate either Fraud Prevention Silver/Fraud Prevention Gold. Once either is configured properly, send as many additional properties as possible in your CreateHostedCheckout/CreatePayment request. Find a list of these in the dedicated chapter in our Fraud Prevention guide.
    • Make sure your integration complies to SCA by sending at the mandatory parameters for 3-D Secure.
    • Sign an agreement with your acquirer(s) for a Transaction Risk Analysis (TRA). Inform us about threshold you agreed upon.
    • If you offer Cartes Bancaires, join their Low Risk Merchant Program (LRMP). Inform us about the implementation. Once you have joined, send the following additional parameters in your Cartes Bancaires requests:
      order.customer.billingaddress
          city
          countryCode
          street
          zip
      order.customer.contactDetails
          emailAddress
          phoneNumber
      order.shipping.adressIndicator.fraudFields.customerIPaddress

    Depending on the integration method, differences apply. Find an example for all in the "Integration" tab for the respective payment. Make sure to add as many Fraud Prevention properties as possible:

    • American Express
    • Cartes Bancaires
    • MasterCard
    • Visa
    If you use the Exemption Engine solution, you acknowledge and accept that a successful exemption does not always comply to the SCA protocol. Consequently, you are liable for these exemptions if these turn out to be fraudulent.

    Was this page helpful?

    Do you have any comments?

    Thank you for your response.
    Help & Info
    API Info
    Developer Tools
    © 2025 | Worldline | Terms of use | Privacy | Cookie notice
    New Feature

    Try out our new chatbot and find answers to all your questions.