- Introduction to Payments
- Standard Payment Processing
- Card Present Connect | Retail Processing
- Authorization with Contact EMV and Online PIN
- Authorization with Contact EMV and Offline PIN
- Card Present Connect | Mass Transit Processing
- Debit and Prepaid Card Processing
- Processing Debit and Prepaid Authorizations
- Airline Data Processing
- Japanese Payment Options Processing
- Processing Payments Using Credentials
- Using Stored Customer Credentials During a CIT
- Merchant-Initiated Delayed Transaction with PAN
- Merchant-Initiated Incremental Transaction with PAN
- Merchant-Initiated No-Show Transactions with PAN
- Merchant-Initiated Reauthorization Transactions with PAN
- Merchant-Initiated Resubmission Transaction with PAN
- Installment Payments
- Recurring Payments
- Merchant-Initiated Recurring Payments with PAN
- Token Management Service Processing
On This Page
REST API | Visa Platform Connect
Authorizations with Strong Customer Authentication
Exemption
This section shows you how to process an authorization with a strong customer authentication
(SCA) exemption.
You can use SCA exemptions to streamline the payment process. SCA exemptions are part of the
European second Payment Services Directive (PSD2) and allow certain types of low-risk
transactions to bypass additional authentication steps while still remaining compliant with
PSD2. You can choose which exemption can be applied to a transaction, but the card-issuing
bank actually grants an SCA exemption during card authentication.
You can process an authorization with two types of SCA exemptions:
- Exemption on Authorization: Send an authorization without payer authentication and request an SCA exemption on the authorization. If it is not approved, you may be required to request further authentication upon retry.
- Exemption on Authentication: Request an SCA exemption during payer authentication and if successful, send an authorization including the SCA exemption details.
Depending on your processor, use one of these exemption fields:
IMPORTANT
If you send more than one SCA exemption field with a single
authentication, the transaction is denied.
- Authentication Outage: Payer authentication is not available for this transaction due to a system outage.
- B2B Corporate Card: Payment cards specifically for business-to-business transactions are exempt.
- Delegated Authentication: Payer authentication was performed outside of the authorization workflow.
- Follow-On Installment Payment: Installment payments of a fixed amount are exempt after the first transaction.
- Follow-On Recurring Payment: Recurring payments of a fixed amount are exempt after the first transaction.
- Low Risk: The average fraud levels associated with this transaction are considered low.
- Low Value: The transaction value does not warrant SCA.
- Merchant Initiated Transactions: As follow-on transactions, merchant-initiated transactions are exempt.
- Stored Credential Transaction: Credentials are authenticated before storing, so stored credential transactions are exempt.
- Trusted Merchant: Merchants registered as trusted beneficiaries.
Exemption Fields Specific to the Strong Customer Authentication Use Case
Use one of these fields to request an SCA exemption:
Exemption Type | Field | Value |
---|---|---|
Authentication Outage | consumerAuthenticationInformation. strongAuthentication.
authenticationOutageExemptionIndicator | 1 |
B2B Corporate Card Transaction | consumerAuthenticationInformation. strongAuthentication.
secureCorporatePaymentIndicator | 1 |
Delegated Authentication | consumerAuthenticationInformation. strongAuthentication.
delegatedAuthenticationExemptionIndicator | 1 |
Low-Risk Transaction | consumerAuthenticationInformation. strongAuthentication.
riskAnalysisExemptionIndicator | 1 |
Low-Value Transaction | consumerAuthenticationInformation. strongAuthentication.
lowValueExemptionIndicator | 1 |
Trusted Merchant Transaction | consumerAuthenticationInformation. strongAuthentication.
trustedMerchantExemptionIndicator | 1 |
Country-Specific Requirements
These fields are specific to certain countries and regions.
Argentina
- merchantInformation.taxId
- Required for Mastercard transactions.
- merchantInformation.transactionLocalDateTime
- Required when the time zone is not included in your account. Otherwise, this field is optional.
Brazil
- paymentInformation.card.sourceAccountType
- Required for combo card transactions.
- paymentInformation.card.sourceAccountTypeDetails
- Required for combo card line-of-credit and prepaid-card transactions.
Chile
- merchantInformation.taxId
- Required for Mastercard transactions.
Paraguay
- merchantInformation.taxId
- Required for Mastercard transactions.
Saudi Arabia
- processingInformation.authorizationOptions.transactionMode
Taiwan
- paymentInformation.card.hashedNumber
Endpoint
Production:
POST
https://api.cybersource.com
/pts/v2/paymentsTest:
POST
https://apitest.cybersource.com
/pts/v2/payments