1. Introduction

Although 3-D Secure is now mandatory for online transactions, PSD2 regulations allow to skip 3-D Secure altogether in some cases. Checking the requirements for that adds complexity to your integration, especially when you need to weight customer experience and conversion rate against fraud prevention.
Therefore, we are happy to offer you our Exemption Engine. It implements this process by automatically

• Scanning incoming transactions, rolling out or skipping 3-D Secure appropriately
• Steering the flow to Soft Decline and/or challenge/frictionless flow when applicable

2. Understand Exemption Engine

The PSD2 guidelines grant exemptions from 3-D Secure if a transaction meets specific requirements. The Exemption Engine scans incoming transactions for properties that favour skipping 3-D Secure. The following exemptions are in scope:

• Low amount transactions: For transactions below 30€ (or equivalent in another currency). However, Strong Customer Authentication (SCA) is applicable if your customers make either
  
  • Five consecutive transactions without authentication
    Or
  • A transactions higher than 100€
    
    In cases like these, the issuer refuses the exemption and we will reinitiate SCA
• Acquirer Transaction Risk Analysis (TRA): For transactions considered low fraud risk. As your acquirer is liable and overlooks the overall portfolio of the transactions (transaction value, fraud rate), it grants an exemption or not. Contact your acquirer for details
• Low Risk Merchant Program (LRMP) by Carte Bancaire: For transactions below 100€, CB guarantees mostly frictionless flows, but you are liable for such cases. Contact Carte Bancaire for more details
  
• To use the Exemption Engine, you need to meet some requirements. Learn all you need to know in the Use Exemption Engine chapter

You can keep sending all your flow to one PSPID, as the Exemption Engine will automatically filter your transactions which are not eligible for exemptions:

• Payment methods out of scope: 
  JCB
  Diners Club
• Transactions out of PSD2 scope
• For transactions you send with parameter cardPaymentMethodSpecificInput.threeDSecure.challengeIndicator (i.e. for recurring payments)
• Transactions above 500€

Based on the overall picture, our platform will automatically skip or roll-out 3-D Secure, steering the overall payment flow accordingly.

3. Understand payment flow

Our Exemption Engine is available for or all our integration modes and blends in seamlessly in the payment flow.

1. You send a CreatePayment/CreateHostedCheckout request to our platform, including parameters for 3-D Secure V2 and Fraud Prevention.
2. Your Fraud Prevention module calculates the Global Fraud Score and checks whether the transaction is applicable for the Exemption Engine flow: 
   • If any of the criteria is met, the flow continues at 3
   • If not, the flow continues at 4
3. We submit the actual financial transaction to the acquirer to process it. We receive the transaction result. The flow continues at 7
4. Depending on the payment method, the following scenarios are possible:
   • Visa/MasterCard/American Express: We submit the actual financial transaction for authorisation to the acquirer. If the issuer does not accept the exemption, we will automatically recover the transaction via Soft Decline. The flow then continues at 5
   • Carte Bancaire: We submit the exemption, requesting a frictionless flow. The flow then continues at 5
   • If no exemption is granted for either payment method, we roll out 3-D Secure with a preference for frictionless flow. The flow then continues at 5
5. We submit the actual financial transaction to the acquirer to process it. We receive the transaction result
6. We redirect your customer to your returnUrl
7. You request the transaction result from our platform via GetPayment or receive the result via webhooks
8. If the transaction was successful, you can deliver the goods / services

4. Use Exemption Engine

To use the Exemption Engine, make sure to fulfil these requirements:

• Contact us to inform us you would like to use the Exemption Engine. Provide us with a list of PSPIDs so we can configure them accordingly
• Activate either Fraud Expert Scoring or Fraud Expert Checklist, as the Exemption Engine is part of these modules. Configure it properly and send as many Fraud Prevention parameters in your request as possible
• Sign an agreement with your acquirer(s) for a Transaction Risk Analysis (TRA). Inform us about threshold you agreed upon
• Make sure your integration complies to PSD2 by sending at the mandatory parameters for 3-D Secure V2  
• If you offer Carte Bancaire, join their Low Risk Merchant Program (LRMP). Inform us about the implementation. Once you have joined, send the following additional parameters in your Carte Bancaire requests: 
  
  order.customer.billingaddress
      city
      countryCode
      street
      zip
  order.customer.contactDetails
      emailAddress
      phoneNumber
  order.shipping.adressIndicator.fraudFields.customerIPaddress