SCA exemptions mandatory for transactions not authenticated via 3DS 2.0 (or higher)

Mastercard 13/04/2021

What’s changing?

Mastercard requires that all intra-EEA electronic payment transactions that are not being authenticated with 3DS 2.0 (or higher) have a valid exemption indicator in the authorization request. Not meeting these requirements will result in a fee.

What do these changes mean?

As of January 2021, PSD2’s Strong Customer Authentication (SCA) regulations have been in place. All intra-EEA electronic payments must be authenticated with SCA. However, specific type of transaction can be exempt from SCA. You can read more about which transactions qualify for this in our FAQs (question number 9).

As per Mastercard’s latest Data Integrity edit, it’s required that all transactions that aren’t being authenticated with 3DS 2.0 (or higher), must have a valid exemption indicator in the authorization request. Not meeting these rules will result in additional fees on an acquirer level.

How will this affect you?

Number one rule still is that all intra-EEA electronic payments must be authenticated with SCA. When an exempt is applicable, you must make use of valid exemption indicators. If you don’t, the fee that is charged to us as an acquirer, will be passed onto you, as a merchant, based on your transaction volume and your contribution percentage to non-compliance.

Effective date

October 1, 2021

Do you need more info? Please feel free to reach out to your dedicated Account Manager, or the Payvision support team at [email protected]