This section demonstrates how to process an authorization with a strong customer
authentication (SCA) exemption. Merchants can choose which exemption can be applied to a
transaction but the card issuing bank actually grants a SCA exemption during card
authentication.
A SCA exemption enables you to remain in compliance with the European
Union's second Payment Services Directive. Depending on your processor, use one of these
exemption fields:
IMPORTANT
If you send more than one SCA exemption field with a single
authentication, the transaction is denied.
- Authentication Outage: Payer authentication is not available for this transaction due to a system outage.
- B2B Corporate Card: Payment cards specifically for business-to-business transactions are exempt.
- Delegated Authentication: Payer authentication was performed outside of the authorization workflow.
- Follow-On Installment Payment: Installment payments of a fixed amount are exempt after the first transaction.
- Follow-On Recurring Payment: Recurring payments of a fixed amount are exempt after the first transaction.
- Low Risk: The average fraud levels associated with this transaction are considered low.
- Low Value: The transaction value does not warrant SCA.
- Merchant Initiated Transactions: As follow-on transactions, merchant-initiated transactions are exempt.
- Stored Credential Transaction: Credentials are authenticated before storing, so stored credential transactions are exempt.
- Trusted Merchant: Merchants registered as trusted beneficiaries.
Exemption Fields Specific to This Use Case
Use one of these fields to request an SCA exemption:
Exemption Type | Field | Value |
---|---|---|
Authentication Outage | consumerAuthenticationInformation. strongAuthentication. authenticationOutageExemptionIndicator | 1 |
B2B Corporate Card Transaction | consumerAuthenticationInformation.
strongAuthentication. secureCorporatePaymentIndicator | 1 |
Delegated Authentication | consumerAuthenticationInformation. strongAuthentication.
delegatedAuthenticationExemptionIndicator | 1 |
Low-Risk Transaction | consumerAuthenticationInformation.
strongAuthentication. riskAnalysisExemptionIndicator | 1 |
Low-Value Transaction | consumerAuthenticationInformation.
strongAuthentication. lowValueExemptionIndicator | 1 |
Stored Credential Transaction | processingInformation.authorizationOptions.
initiator.storedCredentialUsed | 1 |
Trusted Merchant Transaction | consumerAuthenticationInformation.
strongAuthentication. trustedMerchantExemptionIndicator | 1 |
Country-Specific Requirements
These fields are specific to certain countries and regions.
Argentina
- merchantInformation.taxId
- Required for Mastercard transactions.
- merchantInformation.transactionLocalDateTime
- Required when the time zone is not included in your account. Otherwise, this field is optional.
Brazil
- paymentInformation.card.sourceAccountType
- Required for combo card transactions.
- paymentInformation.card.sourceAccountTypeDetails
- Required for combo card line-of-credit and prepaid-card transactions.
Chile
- merchantInformation.taxId
- Required for Mastercard transactions.
Paraguay
- merchantInformation.taxId
- Required for Mastercard transactions.
Saudi Arabia
- processingInformation.authorizationOptions.transactionMode
Taiwan
- paymentInformation.card.hashedNumber
Endpoint
POST
https://api.cybersource.com
/pts/v2/payments