Sometimes neither the merchant nor the customer knows the final transaction amount when an online order is placed. We explain how to navigate these scenarios under the strong customer authentication (SCA) rules.
Strong customer authentication requirements are now effective across Europe. Some electronic transactions require multi-factor authentication. That’s two or more of the following ‘factors’: something the payer knows, something they have or something they are. This is all part of a European Directive (the Payment Services Directive or PSD2 for short) to help make online banking and payments more secure.
In this blog, we’ll explain the different ways in which the authentication and authorisation process can work for scenarios when the final amount is not known at checkout. This may be when shipping costs or taxes are added, or when goods are sold by weight or substituted after checkout.
It may also be when the final amount varies due to actions by the customer, such as adding items to their basket after checkout, as with online grocery shopping.
Unknown final amount: merchant-initiated
According to European Banking Authority (EBA) guidance, the final authorised amount cannot be higher than the authenticated amount.
When the final amount varies due to circumstances not initiated by the customer:
- Either process the initial authorisation as such (an initial amount) and then the additional unauthenticated amount as a merchant-initiated transaction (MIT).
- Or authenticate a maximum expected estimated amount at checkout and then perform a reversal for the amount difference.
Option 1: MIT incremental authorisation
- Explain clearly in the terms and conditions how the final amount will be calculated and when it will be collected. The customer must agree to these terms
- Authenticate a known ‘initial’ amount
- Request an SCA challenge. This is a requirement when setting up an agreement for a future MIT. It is not possible to use an exemption here
- Receive authorisation for the authenticated amount
- At completion or fulfilment of the order:
  - If the final amount is lower than the ‘initial’ amount, perform a transaction reversal for the amount difference
- The final amount is cleared and settled
- The customer sees a single transaction for the final amount on their bank/card statement
Option 2: Maximum expected estimated amount
- Explain clearly in the terms and conditions that the customer will be authenticated for a maximum amount yet will only be charged for what they purchase. This may be lower than the authenticated amount. Explain when the charge will be collected. The customer must agree to these terms
- Authenticate a known maximum expected amount
- Complete the SCA challenge if requested by the issuer (exemptions can be used if applicable as this is a customer-initiated transaction)
- At completion or fulfilment of the order, the final amount can only be lower or equal to the maximum expected amount authenticated
- If the final amount is lower than the maximum expected amount, perform a transaction reversal for the amount difference
- The final amount is cleared and settled
- The customer sees a single transaction for the final amount on their bank/card statement
Unknown final amount: customer-initiated
Sometimes the final amount may vary due to circumstances directly initiated by the customer. For example, in online grocery sales, the customer may add items to their basket after checkout but before delivery, which the merchant could not have foreseen.
A merchant cannot simply do an MIT for any additional amounts, as these are customer-initiated transactions. An MIT is defined as one or a series of transactions governed by an agreement between the cardholder and the merchant. Once an agreement is in place, the merchant can initiate payments without direct involvement from the customer.
When the final amount varies due to circumstances initiated by the customer:
- Either re-authenticate amounts each time the customer adds to the basket
- Or authenticate at checkout for a highest estimated amount
Option 1: Re-authenticate each time
- Authenticate for initial order amount
- Perform zero value account verification (authorisation)
- Authenticate each new total cumulative amount each time the customer adds to their basket
- At completion or fulfilment of the order, authorise for the latest authenticated amount (or lower)
- The final amount is cleared and settled
- The customer sees a single transaction for the final amount on their bank/card statement
Option 2: Highest estimated amount
- Authenticate for maximum expected estimated amount
- Perform zero value account verification (authorisation)
- Authenticate again only if the new total exceeds the maximum expected estimated amount
- At completion or fulfilment of the order, authorise for the final amount
- The final amount is cleared and settled
- The customer sees a single transaction for the final amount on their bank/card statement
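The four flows above share one rule: the authorised amount never exceeds the authenticated amount unless an MIT agreement covers the difference. The sketch below is an added example, not PXP Financial's code; the names `Flow`, `Order`, `on_basket_change` and `at_fulfilment`, the action labels and the integer minor-unit amounts are assumptions made for illustration.

```python
from dataclasses import dataclass
from enum import Enum

class Flow(Enum):  # the four options described in this post
    MIT_INCREMENTAL = 1   # merchant-initiated, option 1
    MAX_ESTIMATE = 2      # merchant-initiated, option 2
    REAUTH_EACH_TIME = 3  # customer-initiated, option 1
    HIGHEST_ESTIMATE = 4  # customer-initiated, option 2

CUSTOMER_FLOWS = (Flow.REAUTH_EACH_TIME, Flow.HIGHEST_ESTIMATE)

@dataclass
class Order:
    flow: Flow
    authenticated: int        # amount covered by SCA, in minor units (assumption)
    mit_agreed: bool = False  # SCA challenge completed for a future-MIT agreement

def on_basket_change(order, new_total):
    """Customer adds items after checkout: is a new authentication required?"""
    if order.flow not in CUSTOMER_FLOWS:
        raise ValueError("customer-initiated additions cannot be taken as an MIT")
    if order.flow is Flow.REAUTH_EACH_TIME or new_total > order.authenticated:
        order.authenticated = new_total  # assumes the authentication succeeds
        return "AUTHENTICATE"
    return "NONE"

def at_fulfilment(order, final):
    """Return the (action, amount) steps needed to settle `final`."""
    diff = final - order.authenticated
    if order.flow in CUSTOMER_FLOWS:
        # Only a zero-value verification exists so far; authorise now.
        steps = [("AUTHENTICATE", final)] if diff > 0 else []
        return steps + [("AUTHORISE", final)]
    # Merchant flows: the authenticated amount is already authorised.
    if diff < 0:
        return [("REVERSE", -diff)]
    if diff == 0:
        return []
    if order.flow is Flow.MIT_INCREMENTAL and order.mit_agreed:
        return [("MIT_AUTHORISE", diff)]
    return [("BLOCKED", diff)]  # would exceed the authenticated amount

if __name__ == "__main__":
    # Constructed sample: grocery order capped at 80.00, basket grows twice.
    order = Order(Flow.HIGHEST_ESTIMATE, authenticated=8000)
    print(on_basket_change(order, 7500), on_basket_change(order, 9100))
    print(at_fulfilment(order, 8850))
```

A `BLOCKED` result marks the case the EBA guidance rules out: a merchant-side increase with no authenticated headroom and no MIT agreement in place.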
How PXP Financial can help
We have devised strong customer authentication policies for processing online payments to suit all merchants, sectors and geographies, and we are working with merchants on implementing them in the way that best fits their trading patterns and customer base.
For more information on the policies, integration guides, test scripts or for a consultation on your particular requirements, please e-mail sales@pxpfinancial.com or complete your details on the contact form below.