Where there are laws, there are loopholes. Where there are conditions, there are caveats. New EU strong customer authentication (SCA) requirements apply to every electronic transaction, but naturally there are exceptions…

We’ve been receiving a lot of questions about SCA exemptions and what this means for those using the ANYpay gateway, so explain the key points in this blog.


The following scenarios are exempt from SCA requirements:

  • Anonymous transactions — for example prepaid gift cards not issued to an identifiable person.

  • Contactless payments — face-to-face transactions at contactless readers up to €50, or equivalent in the processing currency, with a cumulative limit of €150 or five consecutive transactions.

  • Low-value ecommerce payments — transactions up to €30, or equivalent in the processing currency, with a cumulative limit of €100 or five consecutive transactions.

  • Mail order/telephone order transactions — are out of scope.

  • Merchant-initiated transactions — typically recurring payments by agreement between the cardholder and merchant. Once agreed, merchants may initiate subsequent payments without SCA from the cardholder. If the mandate to start these transactions is provided through a remote channel, SCA applies to the set-up/first transaction.

  • One leg out transactions — when either the card issuer or acquirer are located outside the European Economic Area (EEA) e.g. a shopper using a Chinese-issued card at an EEA e-commerce retailer.

  • Secure corporate payments — made through dedicated corporate processes and protocols, e.g. lodge cards, central travel accounts and virtual cards.

  • Transaction risk analysis (TRA) — where effective risk analysis tools are in place such that fraud rates remain within certain strictly monitored parameters.

  • Transport fares or parking — at unattended devices (e.g. fare gates and parking meters) are out of scope.

  • Trusted beneficiaries — added by the cardholder to a list of trusted beneficiaries held by their card issuer, sometimes also known as ‘white-listing’.


How PXP Financial can help

PXP Financial’s ANYpay gateway already supports both 3DS 1.0 and 3DS 2.0 and is certified with the main international card schemes to that end. This means we can automatically use the 3DS version supported by the cardholder’s issuer. We can also automatically render the authentication pop-up window for the cardholder’s device to help make the process as smooth as possible.

We have devised four SCA policies for processing online payments. These suit all merchants, sectors and geographies. We’re working with client to implement them in the way that best fits their trading patterns and customer base.

For more information on the policies, please visit https://developer.pxp-solutions.com/reference#sca-policy. Our ANYpay online developer hub also contains various integration guides, API references, examples and test scripts and is publicly available at https://developer.pxp-solutions.com.

For more information or a consultation, e-mail sales@pxpfinancial.com or complete your details on the contact form below.

New call-to-action