Direct Support Site

Results for

icon-search-large No search results yet
Enter your search query above

1. Introduction

Although 3-D Secure is now mandatory for online transactions, PSD2 regulations allow to skip 3-D Secure altogether in some cases. Checking the requirements for that adds complexity to your integration, especially when you need to weight customer experience and conversion rate against fraud prevention.
Therefore, we are happy to offer you our Exemption Engine. It implements this process by automatically

The Exemption Engine is available for the following payment methods:
American Express  
Carte Bancaire

2. Understand Exemption Engine

The PSD2 guidelines grant exemptions from 3-D Secure if a transaction meets specific requirements. The Exemption Engine scans incoming transactions for properties that favour skipping 3-D Secure. The following exemptions are in scope:

  • Low amount transactions: For transactions below 30€ (or equivalent in another currency). However, Strong Customer Authentication (SCA) is applicable if your customers make either
    • Five consecutive transactions without authentication
    • A transactions higher than 100€

      In cases like these, the issuer refuses the exemption and we will reinitiate SCA
  • Acquirer Transaction Risk Analysis (TRA): For transactions considered low fraud risk. As your acquirer is liable and overlooks the overall portfolio of the transactions (transaction value, fraud rate), it grants an exemption or not. Contact your acquirer for details
  • Low Risk Merchant Program (LRMP) by Carte Bancaire: For transactions below 100€, CB guarantees mostly frictionless flows, but you are liable for such cases. Contact Carte Bancaire for more details
  • To use the Exemption Engine, you need to meet some requirements. Learn all you need to know in the Use Exemption Engine chapter

You can keep sending all your flow to one PSPID, as the Exemption Engine will automatically filter your transactions which are not eligible for exemptions:

Based on the overall picture, our platform will automatically skip or roll-out 3-D Secure, steering the overall payment flow accordingly.

3. Understand payment flow

Our Exemption Engine is available for or all our integration modes and blends in seamlessly in the payment flow.

  1. You send a CreatePayment/CreateHostedCheckout request to our platform, including parameters for 3-D Secure V2 and Fraud Prevention.
  2. Your Fraud Prevention module calculates the Global Fraud Score and checks whether the transaction is applicable for the Exemption Engine flow: 
  3. We submit the actual financial transaction to the acquirer to process it. We receive the transaction result. The flow continues at 7
  4. Depending on the payment method, the following scenarios are possible:
    • Visa/MasterCard/American Express: We submit the actual financial transaction for authorisation to the acquirer. If the issuer does not accept the exemption, we will automatically recover the transaction via Soft Decline. The flow then continues at 5
    • Carte Bancaire: We submit the exemption, requesting a frictionless flow. The flow then continues at 5
    • If no exemption is granted for either payment method, we roll out 3-D Secure with a preference for frictionless flow. The flow then continues at 5
  5. We submit the actual financial transaction to the acquirer to process it. We receive the transaction result
  6. We redirect your customer to your returnUrl
  7. You request the transaction result from our platform via GetPayment or receive the result via webhooks
  8. If the transaction was successful, you can deliver the goods / services
As Soft Decline is not available for Carte Bancaire, the transaction flow will either follow a challenge or frictionless flow from point 4 on

4. Use Exemption Engine

To use the Exemption Engine, make sure to fulfil these requirements:

  • Contact us to inform us you would like to use the Exemption Engine. Provide us with a list of PSPIDs so we can configure them accordingly
  • Activate either Fraud Expert Scoring or Fraud Expert Checklist, as the Exemption Engine is part of these modules. Configure it properly and send as many Fraud Prevention parameters in your request as possible
  • Sign an agreement with your acquirer(s) for a Transaction Risk Analysis (TRA). Inform us about threshold you agreed upon
  • Make sure your integration complies to PSD2 by sending at the mandatory parameters for 3-D Secure V2  
  • If you offer Carte Bancaire, join their Low Risk Merchant Program (LRMP). Inform us about the implementation. Once you have joined, send the following additional parameters in your Carte Bancaire requests: 

If you use the Exemption Engine solution, you acknowledge and accept that a successful exemption does not always comply to the Strong Customer Authentication (SCA) protocol. Consequently, you are liable for these exemptions if these turn out to be fraudulent.

As a safety measure, activating and setting up properly either the Fraud Expert Scoring or Fraud Expert Checklist solution is a mandatory requirement for using the Exemption Engine.

Contact us to activate and set up the Fraud Expert Scoring or Fraud Expert Checklist module