- Getting Started
- Tutorials
- COPYandPAY
- Server-to-Server
- 3D Secure
- Pay By Link
- Mobile SDK
- Manage Payments
- Plugins
- Reporting
- Webhooks
- Smart Engage
- Reference
- API Reference
- Basic Payment
- Forex
- Authentication
- Card Account
- Apple Pay
- Virtual Account
- Bank Account
- Token Account
- Customer
- Billing Address
- Merchant Billing Address
- Shipping Address
- Merchant Shipping Address
- Corporate
- Recipient
- Merchant
- Marketplace & Cart
- Airline
- Lodging
- Passenger
- Tokenization
- Recurring Migration
- 3D Secure
- Custom Parameters
- Async Payments
- Webhook notifications
- Risk
- Response Parameters
- Card On File
- Chargeback
- Result Codes
- Brands Reference
- API Reference
- FAQ
Exemption Management
Exemptions are particular transactions that can be exempted from SCA, and they don't necessarily need explicit cardholder authentication. In a simpler way: they can be either authorized without previous authentication, or they will go through a frictionless flow during authentication which means the cardholder doesn't have to authenticate themselves with the issuer.
These exemptions are transactions which are:
- Low value
- Low risk
- Between cardholder and merchant, where the cardholder white-listed the merchant as a 'trusted beneficiary'
- Made with a corporate card
- Merchant takes liability for the transaction.
- The issuer has the power to override the exemption request.
- Some acquirers may not allow certain exemptions for their merchants. Merchants should consult with their acquirers to which extent can they use the exemption flags.
Exemption Management can automate the exemption recommendation process through Exemption Engine. It can determine whether the transaction is applicable for an exemption, based on the customer configured rules within the engine.
Customers can choose which exemptions are allowed at a PSP/channel level.
NOTE: Contact your Account Manager / Risk Analyst to setup Exemption Engine for your payments.
For more information related to exemption, please refer the Exemptions section under 3D Secure 2 Guide.
Exemption Management as a standalone service
Besides executing exemption with a regular payment, it is also possible to request for recommended exemption flag using a separate standalone endpoint.
How it works
The request is sent to the Exemption Engine which determines whether the transaction is applicable for an exemption, based on the configured rules in the engine. If the transaction is valid for an exemption, the exemption flag is returned in the response under risk details in "RiskRuleCategory" with a prefix "SCAEX_".
The flag value without the prefix can further be used in the payment request in the field - threeDSecure.exemptionFlag.
Send the standalone exemption request
Use the standalone endpoint to send the requests to the exemption engine:
https://eu-test.oppwa.com/v1/exemption
