Skip to main content

Overview

Strong Customer Authentication (SCA) is a regulatory requirement under the EU’s PSD2 directive that mandates multi-factor authentication for electronic payments. While SCA improves security, it adds friction to the checkout process. SCA exemptions allow you to request that certain eligible transactions bypass the full authentication challenge, improving conversion rates while remaining compliant. Yuno supports requesting SCA exemptions through the 3DS authentication flow. The issuing bank makes the final decision on whether to grant the exemption.

Exemption Categories

ExemptionCriteriaMax AmountUse Case
Low ValueTransaction below thresholdEUR 30 (cumulative limit: EUR 100 or 5 transactions)Small purchases
Low Risk (TRA)Merchant’s fraud rate below thresholdEUR 500 (varies by fraud rate)Trusted merchants with low fraud
Trusted BeneficiaryCustomer whitelisted the merchantNo limitReturning customers
Recurring (Fixed)Same amount, same payee, recurringNo limit (after initial SCA)Subscriptions
Merchant InitiatedTransaction initiated by merchant, not customerNo limit (after initial SCA)Scheduled charges, top-ups
Corporate CardsB2B payments with corporate cardsNo limitBusiness purchases
SCA exemptions are requests, not guarantees. The issuing bank has the final authority to grant or deny an exemption. If denied, the transaction will proceed with full 3DS authentication.

Requesting an Exemption

Include the sca_exemption field in your payment request: 
{
  "amount": { "value": 25.00, "currency": "EUR" },
  "country": "DE",
  "payment_method": {
    "type": "CARD",
    "token": "tok_card_abc123"
  },
  "three_d_secure": {
    "enabled": true,
    "sca_exemption": {
      "type": "LOW_VALUE"
    }
  }
}

TRA Fraud Rate Thresholds

Transaction Risk Analysis (TRA) exemptions are available based on your fraud rate:
Merchant Fraud RateMax Exemption Amount
Below 0.13%EUR 100
Below 0.06%EUR 250
Below 0.01%EUR 500
TRA exemptions require Yuno or your acquirer to calculate and maintain fraud rate metrics. If your fraud rate exceeds the threshold, TRA exemptions for that amount tier will be denied. Monitor your fraud rate in the Yuno Dashboard.

Exemption Flow

Payment Request (with exemption)

    ├── Sent to issuer via 3DS
    │     │
    │     ├── Exemption GRANTED ──> Frictionless approval
    │     │
    │     └── Exemption DENIED ──> Challenge required
    │                                  │
    │                                  └── Customer authenticates

    └── Payment processed

Response Handling

The 3DS response indicates whether the exemption was applied: 
{
  "three_d_secure": {
    "status": "AUTHENTICATED",
    "version": "2.2",
    "sca_exemption": {
      "type": "LOW_VALUE",
      "applied": true
    },
    "eci": "05"
  }
}

Recurring Payment Exemptions

For subscriptions and recurring payments, SCA is required only for the initial transaction. Subsequent charges can use the RECURRING_FIXED exemption: 
{
  "three_d_secure": {
    "enabled": true,
    "sca_exemption": {
      "type": "RECURRING_FIXED",
      "initial_transaction_id": "pay_initial_abc123"
    }
  }
}
The initial subscription payment must be fully authenticated with SCA. Reference the initial transaction ID in subsequent recurring charges to qualify for the exemption.

Best Practices

  • Start with low-risk exemptions: Low value and TRA are the most commonly granted.
  • Always handle denial gracefully: If an exemption is denied, fall back to full 3DS authentication seamlessly.
  • Monitor fraud rates: Keep your fraud rate well below TRA thresholds to maintain eligibility.
  • Use for returning customers: Trusted beneficiary exemptions improve UX for loyal customers.
  • Combine with risk scoring: Only request exemptions for transactions your fraud engine considers low-risk.