Secure digital payment

02 July 2020

PSD2 Acquirer Exemptions

Leveraging opportunities for better customer friendliness

The European Payment Services Directive (PSD2) requests Strong Customer Authentication (SCA) for online payment transactions. However, there is a catalogue of exemptions to this rule. In order to offer their customers a checkout process that is as simple and straightforward as possible, acquirers and online merchants can and should make consistent use of these exemptions.

Many online merchants fear that strong customer authentication leads to purchase cancellations and lower conversion rates. In addition, more than 80 percent of credit card misuse is attributable to card-not-present transactions (especially in e-commerce). The need for action seems more than obvious. The challenge for online merchants and their acquirers is now to find the right strategy for dealing with the PSD2 and its exemptions, and to ensure the highest possible acceptance rate for card payments with a simultaneously low fraud rate.

Which exemptions are possible for acquirers?

In order to process as many transactions as possible without strong customer authentication, acquirers can use the following exemptions: low value transactions, transaction risk analysis and recurring transactions.

Low value transactions are payments with a value of less than 30 euros. At the same time, the total value of all transactions since the last Strong Customer Authentication must not exceed EUR 100 and no more than five transactions in total may have taken place since the last authentication. The problem is that acquirers cannot correctly track the number of total transactions and the cumulative value of a card. Only the card issuer has the necessary data.

In the transaction risk analysis, the exemption rule depends on the acquirer's abuse rate in combination with certain transaction values. For transactions of more than 500 euros, the Transaction Risk Analysis no longer applies. For transaction values between 250 and 500 euros, the acquirer must prove an abuse rate of no more than 0.01 percent in order to be allowed to process a transaction without strong customer authentication. For lower transaction values, slightly higher abuse rates are tolerated (up to a maximum of 0.13%).

Only transactions in which the amount and the payment recipient match the first transaction are recognized as recurring transactions. The problem here lies in the very complex implementation requirements.

If an acquirer uses these exceptions, the elimination of strong customer authentication will certainly reduce the number of abandoned purchases and improve conversion. In most cases, the liability lies with the acquirer. They therefore have to find the right balance between security and profitability based on their risk assessment and the possibilities of the exemptions. This requires a continuous analysis of transaction and abuse data as well as a continuous improvement of risk management.

Netcetera has developed the Netcetera eCom Exemption Advisor for acquirers and payment service providers as a new solution. Based on various customer-specific parameters, this solution supports the decision whether a transaction can benefit from one of the exemptions or whether strong customer authentication is needed.

Delegated authentication offers a fundamentally different variant, namely that the merchant already carries out strong customer authentication. This enables an even better customer experience, where a PSD2 and SCA compliant one-click checkout is possible. Kurt Schmid: "I see delegated authentication as one of the best ways to provide a seamless user experience for customers. This can be used by merchants of all sizes and it greatly simplifies transaction processing".

Watch our related webinar

PSD2 Acquirer Exemptions and Delegated Authentication

Watch now

More stories

On this topic

Improving the online payment process

Deliver a compelling payment experience

EMV 3DS 2.3.1 : New opportunities

The latest 3DS version provides new opportunities

3DS certification by eftpos Australia

3DS Server enables access to Australian merchants & commerce

14 June 2023

Ready for the Visa DAF program

Advancing digital payment for a seamless customer journey

12 May 2023

Netcetera 3DS Server compliant with MADA

Netcetera ready for MADA specifications on EMV® 3-D Secure

04 April 2023

Helping issuers reduce fraud & friction

Helping issuers reduce fraud and friction

04 April 2023

Nurturing optimal customer experience

Certification of 3DS Directory Server for EMVCo 2.1. and 2.2

04 April 2023

MPE 2023 Award for Netcetera

MPE 2023 Award for Netcetera’s 3DS Server and 3DS SDK soluti

04 April 2023

Netcetera and DPG partnering

Partnership aims towards easier customer adoption of PSD

16 March 2023

Zemen Bank and Netcetera partner up

Driving digital payment in Africa

15 March 2023

Introducing biometric reading in MENA

Cooperation for a new era of online payment authentication

27 February 2023

SumUp and Netcetera team up on ACS

Protecting merchants from online fraud

14 February 2023

Safeguarding the online transactions

How to keep consumers safe in times like these

01 February 2023

Better authentication will secure our digital future

How strong authentication will secure the digital economy

Strong partners: DKB and Netcetera

Smooth and convenient online payments with Visa Debit

18 October 2022

Simplifying payment with Mastercard

Digital First partner in the Mastercard Engage program

19 September 2022

One-click checkout payment now live in the Czech Republic

A convenient payment method for easy checkout

08 August 2022
MORE STORIES