Exemption Management

Exemptions are particular transactions that can be exempted from Strong Customer Authentication (SCA), so they don't necessarily need explicit cardholder authentication. Put simply, they can either be authorized without previous authentication, or they go through a frictionless flow during authentication, which means the cardholder doesn't have to authenticate themselves with the issuer.

These exemptions are transactions which are:

  • Low value
  • Low risk
  • Between cardholder and merchant, where the cardholder white-listed the merchant as a 'trusted beneficiary'
  • Made with a corporate card

It is important to know that in this case:

  • The merchant takes liability for the transaction.
  • The issuer has the power to override the exemption request.
  • Some acquirers may not allow certain exemptions for their merchants. Merchants should consult their acquirers about the extent to which they can use the exemption flags.

Exemption Management can automate the exemption recommendation process through the Exemption Engine. The engine determines whether a transaction is eligible for an exemption, based on the customer-configured rules within it.

Customers can choose which exemptions are allowed at a PSP/channel level.

NOTE: Contact your Account Manager / Risk Analyst to set up the Exemption Engine for your payments.

For more information on exemptions, please refer to the Exemptions section of the 3D Secure 2 Guide.


Exemption Management as a standalone service

Besides applying an exemption as part of a regular payment, it is also possible to request the recommended exemption flag through a separate standalone endpoint.


How it works

The request is sent to the Exemption Engine, which determines whether the transaction is eligible for an exemption, based on the rules configured in the engine. If the transaction is valid for an exemption, the exemption flag is returned in the response under risk details in "RiskRuleCategory" with the prefix "SCAEX_".

The flag value without the prefix can then be used in the payment request, in the threeDSecure.exemptionFlag field.
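
One way to consume the standalone response, as an added example that is not part of the original page or the vendor's code: it looks for a `SCAEX_` value under `RiskRuleCategory`, strips the prefix, and sets `threeDSecure.exemptionFlag` only when exactly one recommendation is present and it is on a merchant-side allow-list. The response nesting, the values `EXAMPLE_FLAG` and `VELOCITY`, the allow-list and all function names are assumptions.

```python
import json

PREFIX = "SCAEX_"  # prefix the page says marks a recommended exemption

# Constructed sample response: the nesting and both category values are placeholders.
SAMPLE_RESPONSE = json.loads("""
{"risk": {"details": [
    {"RiskRuleCategory": "VELOCITY"},
    {"RiskRuleCategory": "SCAEX_EXAMPLE_FLAG"}
]}}
""")

def find_values(node, key):
    """Yield every value stored under `key` anywhere in parsed JSON."""
    if isinstance(node, dict):
        for k, v in node.items():
            if k == key:
                yield v
            yield from find_values(v, key)
    elif isinstance(node, list):
        for item in node:
            yield from find_values(item, key)

def recommended_exemption(response, allowed):
    """Return the flag to forward, or None when no exemption should be requested."""
    flags = {
        v[len(PREFIX):]
        for v in find_values(response, "RiskRuleCategory")
        if isinstance(v, str) and v.startswith(PREFIX)
    }
    # Fail closed: no recommendation, conflicting recommendations, or a flag
    # the acquirer has not approved all mean the payment is sent without one.
    if len(flags) != 1:
        return None
    flag = flags.pop()
    return flag if flag in allowed else None

def apply_to_payment(params, response, allowed):
    """Copy the payment parameters and add the exemption flag if one applies."""
    out = dict(params)
    flag = recommended_exemption(response, allowed)
    if flag is not None:
        out["threeDSecure.exemptionFlag"] = flag
    return out

if __name__ == "__main__":
    # "amount" stands in for the real payment parameters (constructed).
    print(apply_to_payment({"amount": "10.00"}, SAMPLE_RESPONSE, {"EXAMPLE_FLAG"}))
```

Keeping the allow-list in merchant configuration mirrors the point above that acquirers may not permit every exemption and that the merchant carries liability for exempted transactions.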


Send the standalone exemption request

Use the standalone endpoint to send the requests to the exemption engine:

https://eu-test.oppwa.com/v1/exemption