SCA exemptions include a neat feature: merchant whitelisting. Letting cardholders pick and choose the merchants they trust gives them control over their online payment user experience. To get more insight into cardholder UX, along with best practices for managing the merchant whitelist, keep reading.
This article is part of our Merchant Whitelisting Best Practices series. To round out the story, take a look at our post on MWL industry best practices, Risk Considerations edition.
PSD2 & RTS enable cardholders to exempt certain merchants from SCA by adding them to their merchant whitelist. 3D Secure 2.2 brought us merchant whitelisting, also known as trusted beneficiaries, as part of the SCA exemptions. MWL allows cardholders to whitelist trusted beneficiaries in order to avoid an additional authentication step during online payment processing.
This approach leads to a truly frictionless user experience, regardless of the transaction amount or merchant fraud rate. MWL is applicable for one-click payments, including both card-on-file and recurring payments with variable amounts. It is important to mention that not all merchants are eligible for whitelisting. The selection of MWL eligible candidates is under the issuing bank's control. Depending on the merchant industry type, level of risk, and cardholder transaction history, the issuer compiles a list of merchants eligible for merchant whitelisting.
Specific conditions under which merchant whitelisting is applicable include the following requirements:
The following paragraphs bring a summary of best practices suggested by VISA and MasterCard regarding the UX when it comes to merchant whitelisting.
There are two flows for adding a merchant to a whitelist.
This approach involves the issuing bank's ACS and has less impact on issuers. Merchants would be whitelisted one at a time.
Suggested best practices include the following:
This would require issuers to make changes within their online banking service; the cardholder would be able to whitelist merchants in bulk, making the user experience much more friendly.
Suggested best practices include the following:
Cardholders need to be able to view, add and remove merchants from the whitelist using their online banking service. Each attempt to modify or view the MWL should require SCA, because these operations involve access to sensitive payment data.
Relevant stakeholders, issuers and ACSs, are the primary promoters of the new functionality. They should therefore communicate the benefits of merchant whitelisting to the cardholders.
Use the following "selling points" when educating cardholders:
It is recommended that whitelisting is applied to one card at a time: the card being used to process the payment. If whitelisting is enabled for multiple cards, each card should require a separate SCA.
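One way to enforce the rules above (SCA on every view or modification of the MWL, a separate SCA per card, and issuer-controlled eligibility), as an added sketch that is not from this article or from any issuer's implementation. The `ScaProof` record, the 300-second freshness window and the single-use rule are assumptions made for illustration.

```python
import time
from dataclasses import dataclass

SCA_MAX_AGE = 300  # seconds; assumed freshness window, not from the article

class ScaRequired(Exception):
    """Raised when an operation lacks a valid SCA proof."""

class NotEligible(Exception):
    """Raised when the issuer has not marked the merchant as eligible."""

@dataclass(frozen=True)
class ScaProof:  # hypothetical record of one completed SCA challenge
    proof_id: str
    card_id: str     # the single card this authentication covers
    action: str      # "view", "add" or "remove"
    issued_at: float

class MerchantWhitelist:
    def __init__(self, eligible):
        self.eligible = set(eligible)  # issuer-controlled eligibility list
        self._lists = {}               # card_id -> set of whitelisted merchants
        self._used = set()             # proof ids already consumed

    def _require_sca(self, proof, card_id, action, now):
        now = time.time() if now is None else now
        if proof is None:
            raise ScaRequired("SCA not performed")
        if (proof.card_id, proof.action) != (card_id, action):
            raise ScaRequired("proof is bound to another card or action")
        if proof.proof_id in self._used:
            raise ScaRequired("proof already used")
        if not 0 <= now - proof.issued_at <= SCA_MAX_AGE:
            raise ScaRequired("proof expired")
        self._used.add(proof.proof_id)

    def view(self, card_id, proof, now=None):
        self._require_sca(proof, card_id, "view", now)
        return sorted(self._lists.get(card_id, ()))

    def add(self, card_id, merchant, proof, now=None):
        self._require_sca(proof, card_id, "add", now)
        if merchant not in self.eligible:
            raise NotEligible(merchant)
        self._lists.setdefault(card_id, set()).add(merchant)

    def remove(self, card_id, merchant, proof, now=None):
        self._require_sca(proof, card_id, "remove", now)
        self._lists.get(card_id, set()).discard(merchant)
```

Binding each proof to one card and one action means an authentication performed for one card cannot be reused to change or read the whitelist of another.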
If you want to find out more, contact our ASEE 3D Secure Team or download the datasheet.