For transactions within the scope of PSD2, you or Adyen can request an SCA exemption if the transaction meets any of the criteria in the list below. The issuer decides whether to grant the exemption. For some types of transaction, the issuer can grant an exemption without you or Adyen requesting it.
By default Adyen sends a request for the most suitable exemption type on your behalf. If Adyen has requested an exemption for a transaction, you receive an additionalData.scaExemptionRequested field in the payment response, containing the type of exemption. If you want to manage exemption requests on your own, see Managing PSD2 compliance.
Requirements
Before you begin, take into account the following requirements:
| Requirement | Description |
|---|---|
| Integration type | An online payments integration. |
Exemptions by transaction type
You can request exemptions for the following types of transactions:
- Low Value: Transactions under EUR 30 do not require SCA but the issuing bank will keep track of certain counters such as the number of transactions or the sum of transaction amounts. If the shopper's transactions for one card exceed the counter (for example, after five consecutive transactions or if the sum exceeds EUR 100), the issuing bank will require SCA.
- Low Risk / Transaction Risk Analysis (TRA): Issuing banks can consider transactions as low risk based on the average fraud levels of the card issuer, of the acquirer processing the transaction, or of both. TRA has two kinds of implementation:
- TRA exemption request from you or your acquirer: You can request the issuer for a TRA exemption if your fraud levels are below fraud thresholds. If the exemption is granted, the chargeback liability stays with you.
- TRA exemption from the issuer: The card issuer can apply the TRA exemption even if you or your acquirer did not request for it. Send additional information in your payment request to maximize the probability of getting the exemption. The chargeback liability shifts to the issuer.
- Allowlisted Merchants or Trusted Beneficiaries: After a strongly authenticated payment session, shoppers can add the merchant to an allowlist for the issuer. In 3D Secure 2, shoppers can select a checkbox to add the merchant to an allowlist. The issuing bank does not require SCA on future payments for the same merchant. However, this exemption depends on whether the issuer supports allowlisting.
- Secure corporate payments: These are payments made through dedicated corporate processes initiated by businesses and not available for consumers. Examples are payments made through central travel accounts, lodged cards, virtual cards, and secure corporate cards, such as those used in a corporate travel management system.
- You can increase the probability of exempting a transaction by providing additional information in your payment request. Issuing banks can use this information to apply the transaction risk analysis (TRA) exemption without you requesting it.
- Recurring transactions are merchant-initiated, and therefore considered out-of-scope.
Exemptions by integration
The following integrations are PSD2 SCA compliant. You do not need to do anything further if you are using them:
- Adyen Online Payments client-side libraries: Web Drop-in and Components, Android Drop-in and Components, and iOS Drop-in and Components.
- Adyen plugins: Adobe Commerce (formerly Magento 2), Salesforce Commerce Cloud, Shopware 5 and 6, Prestashop, SAP Commerce (Hybris), and Oracle Commerce Cloud.
- API only with 3D Secure redirect. You can also support 3D Secure 2 using the same redirect authentication.
Exemptions by card scheme
The following table describes the exemptions available for each card scheme:
| Scheme | lowValue | transactionRiskAnalysis | secureCorporate |
|---|---|---|---|
| American Express |  |
|
 |
| Cartes Bancaires | |
|
|
| CUP | |
|
|
| Mastercard | |
|
|
| Visa | |
|
|
