
How to deliver smooth UX through SCA exemptions

By introducing SCA exemptions, PSD2 did not only relieve issuers and merchants from the fear of soaring cart abandonment rates; it also enabled customers to enjoy a user experience that is truly frictionless and straightforward. Let's see how to achieve the ultimate user experience while making sure your online transactions are secure.

PSD2 introducing SCA exemptions

The latest PSD2 directive includes SCA exemptions, which are available in the 3D Secure v2.2 upgrade. Exemptions enable cardholders to process particular types of online transactions without an additional authentication step. The initial introduction of the Strong Customer Authentication (SCA) requirement turned heads. Merchants and issuers feared that requiring the cardholder to authenticate using two out of three security elements (knowledge, possession, inherence) would add friction and end in a spike in cart abandonment rates. PSD2 approached this issue by defining particular types of online payments which do not require SCA, i.e., SCA exemptions.

SCA exemptions

  1. Low-risk transactions – Data sharing in the payments industry enables transaction evaluation (low, medium, or high risk). If the risk assessment scores the transaction as low risk, that transaction does not require additional authentication.
  2. Low-value payment (LVP) – All online transactions amounting up to or equal to 30 EUR are low-value payments and do not require SCA.
  3. Trusted Merchant Listing – Another convenient feature available in our 3D Secure v2.2 upgrade, which enables the cardholder to add a merchant to their trust list as a trusted party. By doing so, they only need to process the first payment upon enrolling the merchant to their trust list using SCA; every future payment will be frictionless.
  4. Corporate payments – In cases where online payments are paid using a card belonging to an entity rather than an individual, there is no need for an additional authentication step for convenience reasons; often, the payments card is shared between multiple colleagues, etc.
  5. Recurring payments – Payments with a fixed amount (e.g., loans, subscriptions) only require SCA for the initial payment authentication. Every future transaction is frictionless unless the transaction amount changes. In such cases, SCA is mandatory for each individual change.

User Experience vs. User Expectations

In 2020 nearly a quarter of the world population shopped online. To be exact, 2.05 billion consumers purchased at least one item online and contributed to the overall eCommerce growth. Let's put things into perspective; this means that roughly every fourth person you see passing by has purchased at least one item online in 2020. Cardholders are active participants of the eCommerce ecosystem. They have high standards when it comes to their online shopping experience.

The main motivator behind such a shift in customer behaviour is convenience. Purchasing online provides them with a broad offering, as well as the alternatives, backed up with easy access to information about the product/service. But what happens when there is a hiccup during the checkout process? It is naive to assume that the cardholder goes through a lengthy trial-and-repeat process. They simply move on to the next best thing. What follows is a missed opportunity for sale, cart abandonment rates soar, and customer loyalty is at stake.

Concerning numbers

Baymard research states that a too long or complicated checkout process is among the top five reasons why customers abandon their purchase and do their business elsewhere. 18% of the 4329 survey participants gave an issue during the checkout process as their reason for abandoning a purchase. That means nearly 780 missed opportunities for a pinned sale; 780 customers lost during the last stage of the buyer's journey.

Until recently, eCommerce merchants had little to no influence on what the checkout experience would look like from the cardholder's perspective. They had to rely on UX designed by the cardholder's issuing bank, which often involved numerous pop-up screens and redirects. Although friction generally means more security, it raises alarm bells in customers' heads or simply annoys the end user.

By implementing the latest 3D Secure technology, including features such as Strong Customer Authentication (SCA) exemptions, cardholders enjoy a smooth checkout experience that is straightforward and demands only the necessary amount of friction, if any.

Leveraging SCA exemptions

SCA exemptions are part of the latest PSD2 directive: online transactions that do not demand an additional authentication step because they meet predefined criteria. Being aware of cardholders' low tolerance for friction, PSD2 introduced SCA exemptions in order to relieve merchants and issuers from having to demand SCA for each and every online transaction made. With such exemptions defined, end users encounter a checkout experience that is genuinely frictionless.

In order to enable the above-mentioned exemptions, a certain type of data-driven evaluation is necessary. Each exemption type demands an individual risk assessment approach, and therefore, particular data is necessary to evaluate whether a transaction meets any of the exemption criteria. This demands a cautious setup of the parameters, regardless of whether the risk scoring engine is rule-based or relies on machine learning.

Enhanced data collection enabled by the new 3D Secure 2 protocol allows the issuer to conduct a more precise risk analysis. Fraud monitoring is necessary on both exempted and SCA-required transactions. Also, in the case of merchant whitelisting, risk scoring is necessary on both the transaction risk level and the merchant risk level. Real-time fraud monitoring enhances the level of security and does not impact the execution of the transaction. In cases where the criteria for exempted transactions are met, the cardholder will place their order instantly. However, if the transaction is flagged, an alternative authentication flow will be applied in order to prevent possible fraudulent activity.
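A rule-based version of the evaluation described above, as an added example rather than code from the article or from any 3D Secure product: it applies the five exemptions listed earlier and falls back to SCA when monitoring flags the transaction. The Txn record, its field names, the reason strings and the order in which exemptions are checked are assumptions made for illustration.

```python
from dataclasses import dataclass
from decimal import Decimal
from typing import Optional, Set, Tuple

LVP_LIMIT_EUR = Decimal("30")  # low-value threshold given in the article

@dataclass(frozen=True)
class Txn:  # hypothetical transaction record, not a 3D Secure message format
    amount_eur: Decimal
    risk: str                       # "low" | "medium" | "high" from the risk engine
    merchant_id: str = ""
    flagged: bool = False           # real-time fraud monitoring raised an alert
    corporate_card: bool = False    # card belongs to an entity, not an individual
    recurring_amount: Optional[Decimal] = None  # amount authenticated at setup

def decide(txn: Txn, trusted: Set[str]) -> Tuple[bool, str]:
    """Return (sca_required, reason) for one transaction."""
    if txn.risk not in ("low", "medium", "high"):
        raise ValueError(f"unknown risk level: {txn.risk!r}")
    # Monitoring runs on exempted traffic too: a flag overrides every exemption.
    if txn.flagged:
        return True, "flagged"
    # Recurring: exempt only while the amount matches the one authenticated.
    if txn.recurring_amount is not None:
        if txn.amount_eur == txn.recurring_amount:
            return False, "recurring"
        return True, "recurring_amount_changed"
    if txn.merchant_id in trusted:  # the enrolment payment itself used SCA
        return False, "trusted_merchant"
    if txn.corporate_card:
        return False, "corporate"
    if txn.amount_eur <= LVP_LIMIT_EUR:
        return False, "low_value"
    if txn.risk == "low":
        return False, "low_risk"
    return True, "sca_required"

if __name__ == "__main__":
    trust_list = {"m-books"}  # constructed cardholder trust list
    samples = [               # constructed sample transactions
        Txn(Decimal("30.00"), "medium"),
        Txn(Decimal("99.00"), "medium", merchant_id="m-books"),
        Txn(Decimal("12.99"), "low", recurring_amount=Decimal("9.99")),
        Txn(Decimal("9.99"), "low", flagged=True),
    ]
    for t in samples:
        print(t.amount_eur, decide(t, trust_list))
```

Checking the recurring rule before the low-value rule keeps a changed subscription amount under 30 EUR from slipping through without the SCA the list above requires for each change.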


Although PSD2 puts pressure on merchants and issuers to apply 2FA in the form of Strong Customer Authentication, SCA exemptions are a convenient way of avoiding additional authentication. If the setup of the parameters is correct, honest cardholders will enjoy a fully frictionless experience. By implementing 3D Secure 2 technology, issuers and merchants are granting flexible and straightforward online payment authentication to their customers.

To find out more about Trides2 portfolio, contact us or visit our blog section.  