Introduction

PSD2, the Revised Payment Services Directive, is a European regulation aimed at enhancing consumer protection, fostering innovation, and improving payment security in the financial industry. One of its key aspects is the introduction of Strong Customer Authentication (SCA) requirements for online transactions.


Exemptions to these SCA requirements have been made to reduce friction in the customer journey and allow for a more seamless payment experience. Some of the exemption types under PSD2 are:


1. Low-value transactions: Payments below €30 may be exempt from SCA. However, if the payer has initiated more than five consecutive low-value transactions, or the total payments made exceed €100, SCA will be required.


2. Recurring payments: Regular, recurring payments with a fixed amount, such as subscriptions, may be exempt from SCA after the first transaction.


3. Low-risk transactions: Payments deemed low-risk based on the payment service provider's fraud monitoring systems may be exempt from SCA requirements.


4. Trusted beneficiaries: Customers may add trusted beneficiaries to a 'whitelist' after an initial SCA, allowing exemptions for future transactions with that merchant or payee.


5. Secure corporate payments: Payments made through dedicated corporate processes and protocols may be exempt from SCA.


6. Contactless payments at point-of-sale: Some contactless transactions (e.g., payments under €50) may be exempt from SCA at the physical point-of-sale.


It's important to note that while these exemptions exist, payment service providers and banks have the final say on whether to apply them or not, depending on each transaction's specific circumstances and their fraud management strategies.


Exemption Type

Code    Description
SC      Secure Corporate Exemption
DA      Delegated Authentication
TA      Transaction Risk Analysis Exemption
TB      Trusted Beneficiary Exemption
LV      Low-Value Exemption
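
The low-value rule in the list above depends on per-payer state, not just the payment amount. The following is an added example, not code from this page or from any payment provider: it tracks the two counters and returns the `LV` code from the table only while the exemption is still available. The class and function names are hypothetical, and it assumes both counters reset after a successful SCA.

```python
from dataclasses import dataclass
from decimal import Decimal
from typing import List, Optional

# Thresholds as stated in the list above.
LOW_VALUE_LIMIT = Decimal("30")    # payment must be below EUR 30
MAX_CONSECUTIVE = 5                # more than five in a row requires SCA
MAX_CUMULATIVE = Decimal("100")    # running total above EUR 100 requires SCA


@dataclass
class LowValueCounters:
    """Per-payer counters. Assumption: both reset after a successful SCA."""
    consecutive: int = 0
    cumulative: Decimal = Decimal("0")

    def exemption_for(self, amount: Decimal) -> Optional[str]:
        """Return "LV" if the exemption may be requested, else None."""
        if amount >= LOW_VALUE_LIMIT:
            return None                      # not a low-value payment
        if self.consecutive + 1 > MAX_CONSECUTIVE:
            return None                      # would be the sixth in a row
        if self.cumulative + amount > MAX_CUMULATIVE:
            return None                      # would push the total over EUR 100
        return "LV"

    def record_exempted(self, amount: Decimal) -> None:
        self.consecutive += 1
        self.cumulative += amount

    def record_sca(self) -> None:
        self.consecutive = 0
        self.cumulative = Decimal("0")


def simulate(amounts: List[str]) -> List[str]:
    """Replay constructed amounts; SCA is performed whenever LV is unavailable."""
    counters, decisions = LowValueCounters(), []
    for raw in amounts:
        amount = Decimal(raw)
        if counters.exemption_for(amount) == "LV":
            counters.record_exempted(amount)
            decisions.append("LV")
        else:
            counters.record_sca()
            decisions.append("SCA")
    return decisions


if __name__ == "__main__":
    print(simulate(["10"] * 7))
```

Amounts are parsed as `Decimal` so that boundary cases such as a running total of exactly €100 are not distorted by floating-point rounding.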