- Home
- All APIs
- WPG guide
- SCA Exemption Services
- Corporate exemptions
Corporate exemptions
Within the corporate world, there are some business-to-business transactions that will qualify for corporate exemptions.
A typical example is when a lodged or virtual card is used to book travel for anyone in a company.
In such a case, the transactions between Company X and the travel agency take place within a secure corporate environment, and it is not possible for authentication to take place.
Instead of subjecting these transactions to potential soft declines and authentication, you can apply a corporate exemption.
Before you begin
You do not need to have any exemption product for this feature to work.
If you are a merchant who uses the Exemption Engine Turn Key, you must process corporate exemptions under a separate merchant code. This keeps corporate exemptions separate from other types of exemption.
Exemption flow
Corporate exemptions follow a defined flow:
Step one: The request is validated to ensure that the exemption can be supported.
Step two: Payment is sent to authorisation with the corporate exemption.
Step three: Soft declined payments cannot be re-submitted for authentication and are treated as hard declines.
Exemption request
You can request an exemption for the following three paymentMethodMask
values:
- CARD-SSL
- VISA-SSL
- ECMC-SSL
Exemption types
You must submit an additional element of <exemption>
with attributes type
and placement
(both required). You must include placement="AUTHORISATION"
. Failure to include this attribute results in an XML validation error.
Attribute | Value |
---|---|
type | Possible Values:
|
placement | Possible Values:
|
The following request example uses <exemption type="CP" placement="AUTHORISATION">
:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE paymentService PUBLIC "-//WorldPay//DTD WorldPay PaymentService v1//EN" "http://dtd.worldpay.com/paymentService_v1.dtd" >
<paymentService version="1.4" merchantCode="YOUR_MERCHANT_CODE">
<submit>
<order orderCode='YOUR_ORDER_CODE'>
<description>test order</description>
<amount value="100" currencyCode="EUR" exponent="2"/>
<orderContent>
<![CDATA[]]>
</orderContent>
<paymentDetails>
<CARD-SSL>
<cardNumber>4444********1111</cardNumber>
<expiryDate>
<date month="06" year="2020"/>
</expiryDate>
<cardHolderName>CORPORATE NAME</cardHolderName>
<cvc>666</cvc>
<cardAddress>
<address>
<address1>Worldpay</address1>
<address2>270-289 The Science Park</address2>
<address3>Milton Road</address3>
<postalCode>CB4 0WE</postalCode>
<city>Cambridge</city>
<countryCode>GB</countryCode>
</address>
</cardAddress>
</CARD-SSL>
<session shopperIPAddress="127.0.0.1" id="ssn194781884"/>
</paymentDetails>
<shopper>
<shopperEmailAddress>sp@worldpay.com</shopperEmailAddress>
<browser>
<acceptHeader>text/html</acceptHeader>
<userAgentHeader>Mozilla/5.0 ...</userAgentHeader>
</browser>
</shopper>
<!-- Exemption -->
<exemption type="CP" placement="AUTHORISATION"/>
</order>
</submit>
</paymentService>
<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE paymentService PUBLIC "-//WorldPay//DTD WorldPay PaymentService v1//EN" "http://dtd.worldpay.com/paymentService_v1.dtd" > <paymentService version="1.4" merchantCode="YOUR_MERCHANT_CODE"> <submit> <order orderCode='YOUR_ORDER_CODE'> <description>test order</description> <amount value="100" currencyCode="EUR" exponent="2"/> <orderContent> <![CDATA[]]> </orderContent> <paymentDetails> <CARD-SSL> <cardNumber>4444********1111</cardNumber> <expiryDate> <date month="06" year="2020"/> </expiryDate> <cardHolderName>CORPORATE NAME</cardHolderName> <cvc>666</cvc> <cardAddress> <address> <address1>Worldpay</address1> <address2>270-289 The Science Park</address2> <address3>Milton Road</address3> <postalCode>CB4 0WE</postalCode> <city>Cambridge</city> <countryCode>GB</countryCode> </address> </cardAddress> </CARD-SSL> <session shopperIPAddress="127.0.0.1" id="ssn194781884"/> </paymentDetails> <shopper> <shopperEmailAddress>sp@worldpay.com</shopperEmailAddress> <browser> <acceptHeader>text/html</acceptHeader> <userAgentHeader>Mozilla/5.0 ...</userAgentHeader> </browser> </shopper> <!-- Exemption --> <exemption type="CP" placement="AUTHORISATION"/> </order> </submit> </paymentService>
Exemption response
The response message contains information about the exemption result, type of exemption (if applied), and outcome.
Field | Attribute | Description |
---|---|---|
lastEvent | N/A | This field reflects either the status of the payment as AUTHORISED or REFUSED |
exemptionResponse | result | One of the following values:
|
exemption response | reason | One of the following values based upon result attribute (bold) HONOURED
OUT_OF_SCOPE
REJECTED
|
Exemption rejected at the initial validation
Exemption can be rejected in the initial validation step. The exemption result is OUT_OF_SCOPE if the payment is:
- MOTO
- MIT
- CONTACTLESS
- One Leg Out (OLO)
Mail order/Telephone Order, card-present CONTACTLESS and Merchant Initiated Transactions do not requires Strong Customer Authentication (SCA).
If either the issuer or acquirer are outside of the EEA the payment is out of scope of SCA. For these payment types an exemption is not required.
The exemption result is REJECTED when the following reasons apply:
- UNSUPPORTED_ACQUIRER
- UNSUPPORTED_SCHEME
- INVALID
Note: Not all acquirers and schemes are supported by corporate exemptions. Ask Your Worldpay Relationship Manager or Support team for the latest on supported acquirers and schemes.
Exemption is classed as invalid when you submit an exemption placement that is not supported (e.g. AUTHENTICATION).
Exemption rejected as high risk
When a payment is rejected by a fraud tool the exemption will be rejected as HIGH_RISK.
A payment with a rejected exemption proceeds to authorisation without an exemption.
Exemption is honoured
When the issuer honors the exemption, the response is HONOURED with the reason ISSUER_HONOURED.
When the issuer rejects it, the exemption result is REJECTED with the reason ISSUER_REJECTED.
If the issuer rejects an exemption applied in the authorisation, the rejection results in a soft decline. Due to the nature of the corporate environment, soft declined payments cannot be re-submitted for authentication. In this scenario, a soft decline should be handled as a hard decline.
Example response messages
The following example shows a message with <exemptionResponse>
result
of HONOURED and a reason
of ISSUER_HONOURED.In this case, the issuer honored the exemption and authorized the payment.
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE paymentService PUBLIC "-//WorldPay//DTD WorldPay PaymentService v1//EN" "http://secure.worldpay.com/dtd/paymentService_v1.dtd">
<paymentService version="1.4" merchantCode="YOUR_MERCHANT_CODE">
<reply>
<orderStatus orderCode='YOUR_ORDER_CODE'>
<payment>
<paymentMethod>VISA_CREDIT-SSL</paymentMethod>
<amount value="100" currencyCode="EUR" exponent="2" debitCreditIndicator="credit"/>
<lastEvent>AUTHORISED</lastEvent>
<balance accountType="IN_PROCESS_AUTHORISED">
<amount value="100" currencyCode="EUR" exponent="2" debitCreditIndicator="credit"/>
</balance>
<cardNumber>4444**1111</cardNumber>
</payment>
<!-- Exemption -->
<exemptionResponse result="HONOURED" reason="ISSUER_HONOURED">
<exemption type="CP" placement="AUTHORISATION"/>
</exemptionResponse>
</orderStatus>
</reply>
</paymentService>
<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE paymentService PUBLIC "-//WorldPay//DTD WorldPay PaymentService v1//EN" "http://secure.worldpay.com/dtd/paymentService_v1.dtd"> <paymentService version="1.4" merchantCode="YOUR_MERCHANT_CODE"> <reply> <orderStatus orderCode='YOUR_ORDER_CODE'> <payment> <paymentMethod>VISA_CREDIT-SSL</paymentMethod> <amount value="100" currencyCode="EUR" exponent="2" debitCreditIndicator="credit"/> <lastEvent>AUTHORISED</lastEvent> <balance accountType="IN_PROCESS_AUTHORISED"> <amount value="100" currencyCode="EUR" exponent="2" debitCreditIndicator="credit"/> </balance> <cardNumber>4444**1111</cardNumber> </payment> <!-- Exemption --> <exemptionResponse result="HONOURED" reason="ISSUER_HONOURED"> <exemption type="CP" placement="AUTHORISATION"/> </exemptionResponse> </orderStatus> </reply> </paymentService>
The issuer rejected the exemption request and the payment.
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE paymentService PUBLIC "-//WorldPay//DTD WorldPay PaymentService v1//EN" "http://secure.worldpay.com/dtd/paymentService_v1.dtd">
<paymentService version="1.4" merchantCode="YOUR_MERCHANT_CODE">
<reply>
<orderStatus orderCode='YOUR_ORDER_CODE'>
<payment>
<paymentMethod>VISA_CREDIT-SSL</paymentMethod>
<amount value="100" currencyCode="EUR" exponent="2" debitCreditIndicator="credit"/>
<lastEvent>REFUSED</lastEvent>
<ISO8583ReturnCode code="65" description="Authentication requested"/>
</payment>
<!-- Exemption -->
<exemptionResponse result="REJECTED" reason="ISSUER_REJECTED">
<exemption type="CP" placement="AUTHORISATION"/>
</exemptionResponse>
</orderStatus>
</reply>
</paymentService>
<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE paymentService PUBLIC "-//WorldPay//DTD WorldPay PaymentService v1//EN" "http://secure.worldpay.com/dtd/paymentService_v1.dtd"> <paymentService version="1.4" merchantCode="YOUR_MERCHANT_CODE"> <reply> <orderStatus orderCode='YOUR_ORDER_CODE'> <payment> <paymentMethod>VISA_CREDIT-SSL</paymentMethod> <amount value="100" currencyCode="EUR" exponent="2" debitCreditIndicator="credit"/> <lastEvent>REFUSED</lastEvent> <ISO8583ReturnCode code="65" description="Authentication requested"/> </payment> <!-- Exemption --> <exemptionResponse result="REJECTED" reason="ISSUER_REJECTED"> <exemption type="CP" placement="AUTHORISATION"/> </exemptionResponse> </orderStatus> </reply> </paymentService>
Worldpay returns a <lastEvent>
value of REFUSED. Additionally we are sending an element of <ISO8583ReturnCode>
with attributes code="65"
and description="AUTHENTICATION REQUESTED"
.
Note: You must have extended response codes enabled to identify soft declines.
The following example shows a message with <exemptionResponse>
result
of OUT_OF_SCOPE and a reason
of OLO. The EE determines the OUT_OF_SCOPE condition (result/response), but the issuer can still return values of AUTHORISED or REFUSED for <lastEvent>
.
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE paymentService PUBLIC "-//WorldPay//DTD WorldPay PaymentService v1//EN" "http://secure.worldpay.com/dtd/paymentService_v1.dtd">
<paymentService version="1.4" merchantCode="YOUR_MERCHANT_CODE">
<reply>
<orderStatus orderCode='YOUR_ORDER_CODE'>
<payment>
<paymentMethod>VISA_CREDIT-SSL</paymentMethod>
<amount value="100" currencyCode="EUR" exponent="2" debitCreditIndicator="credit"/>
<lastEvent>AUTHORISED</lastEvent>
<balance accountType="IN_PROCESS_AUTHORISED">
<amount value="100" currencyCode="EUR" exponent="2" debitCreditIndicator="credit"/>
</balance>
<cardNumber>4444**1111</cardNumber>
</payment>
<!-- Exemption -->
<exemptionResponse result="OUT_OF_SCOPE" reason="OLO"/>
</orderStatus>
</reply>
</paymentService>
<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE paymentService PUBLIC "-//WorldPay//DTD WorldPay PaymentService v1//EN" "http://secure.worldpay.com/dtd/paymentService_v1.dtd"> <paymentService version="1.4" merchantCode="YOUR_MERCHANT_CODE"> <reply> <orderStatus orderCode='YOUR_ORDER_CODE'> <payment> <paymentMethod>VISA_CREDIT-SSL</paymentMethod> <amount value="100" currencyCode="EUR" exponent="2" debitCreditIndicator="credit"/> <lastEvent>AUTHORISED</lastEvent> <balance accountType="IN_PROCESS_AUTHORISED"> <amount value="100" currencyCode="EUR" exponent="2" debitCreditIndicator="credit"/> </balance> <cardNumber>4444**1111</cardNumber> </payment> <!-- Exemption --> <exemptionResponse result="OUT_OF_SCOPE" reason="OLO"/> </orderStatus> </reply> </paymentService>
Rejected responses
The following examples shows a message with <exemptionResponse>
result
of REJECTED and a reason
of HIGH_RISK. This would occur if the payment is refused by the risk tool:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE paymentService PUBLIC "-//WorldPay//DTD WorldPay PaymentService v1//EN"
"http://dtd.wp.fte08.test.worldpay.com/dtd/paymentService_v1.dtd"
<paymentService version="1.4" merchantCode="YOUR MERCHANT CODE">
<reply>
<orderStatus orderCode="YOUR ORDER CODE">
<payment>
<paymentMethod>VISA-SSL</paymentMethod>
<amount value="100" currencyCode="GBP" exponent="2" debitCreditIndicator="credit"/>
<lastEvent>REFUSED</lastEvent>
<ISO8583ReturnCode code="34" description="FRAUD SUSPICION"/>
<CVCResultCode description="NOT SENT TO ACQUIRER"/>
<AVSResultCode description="NOT SENT TO ACQUIRER"/>
<riskScore Provider="RiskManagement" finalScore="171"/>
</payment>
<!-- Exemption -->
<exemptionResponse result="REJECTED" reason="HIGH_RISK"/>
</orderStatus>
</reply>
</paymentService>
<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE paymentService PUBLIC "-//WorldPay//DTD WorldPay PaymentService v1//EN" "http://dtd.wp.fte08.test.worldpay.com/dtd/paymentService_v1.dtd" <paymentService version="1.4" merchantCode="YOUR MERCHANT CODE"> <reply> <orderStatus orderCode="YOUR ORDER CODE"> <payment> <paymentMethod>VISA-SSL</paymentMethod> <amount value="100" currencyCode="GBP" exponent="2" debitCreditIndicator="credit"/> <lastEvent>REFUSED</lastEvent> <ISO8583ReturnCode code="34" description="FRAUD SUSPICION"/> <CVCResultCode description="NOT SENT TO ACQUIRER"/> <AVSResultCode description="NOT SENT TO ACQUIRER"/> <riskScore Provider="RiskManagement" finalScore="171"/> </payment> <!-- Exemption --> <exemptionResponse result="REJECTED" reason="HIGH_RISK"/> </orderStatus> </reply> </paymentService>
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE paymentService PUBLIC "-//WorldPay//DTD WorldPay PaymentService v1//EN" "http://dtd.wp.fte08.test.worldpay.com/dtd/paymentService_v1.dtd"
<paymentService version="1.4" merchantCode="YOUR_MERCHANT_CODE">
<reply>
<orderStatus orderCode="YOUR_ORDER_CODE">
<payment>
<paymentMethod>VISA-SSL</paymentMethod>
<amount value="4000" currencyCode="EUR" exponent="2" debitCreditIndicator="credit"/>
<lastEvent>REFUSED</lastEvent>
<ISO8583ReturnCode code="34" description="FRAUD SUSPICION"/>
<CVCResultCode description="NOT SENT TO ACQUIRER"/>
<AVSResultCode description="NOT SENT TO ACQUIRER"/>
<riskScore Provider="FraudSight" finalScore="100" id="ae69cd9f-8031-419d-ae6b-fce0a98a33ef" message="high-risk"/>
<FraudSight score="0.00666" id="ae69cd9f-8031-419d-ae6b-fce0a98a33ef" message="high-risk">
<reasonCodes>
<reasonCode>Card Unfamiliarity</reasonCode>
<reasonCode>High Risk Email</reasonCode>
</reasonCodes>
</FraudSight>
</payment>
<!-- Exemption -->
<exemptionResponse result="REJECTED" reason="HIGH_RISK"/>
</orderStatus>
</reply>
</paymentService>
<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE paymentService PUBLIC "-//WorldPay//DTD WorldPay PaymentService v1//EN" "http://dtd.wp.fte08.test.worldpay.com/dtd/paymentService_v1.dtd" <paymentService version="1.4" merchantCode="YOUR_MERCHANT_CODE"> <reply> <orderStatus orderCode="YOUR_ORDER_CODE"> <payment> <paymentMethod>VISA-SSL</paymentMethod> <amount value="4000" currencyCode="EUR" exponent="2" debitCreditIndicator="credit"/> <lastEvent>REFUSED</lastEvent> <ISO8583ReturnCode code="34" description="FRAUD SUSPICION"/> <CVCResultCode description="NOT SENT TO ACQUIRER"/> <AVSResultCode description="NOT SENT TO ACQUIRER"/> <riskScore Provider="FraudSight" finalScore="100" id="ae69cd9f-8031-419d-ae6b-fce0a98a33ef" message="high-risk"/> <FraudSight score="0.00666" id="ae69cd9f-8031-419d-ae6b-fce0a98a33ef" message="high-risk"> <reasonCodes> <reasonCode>Card Unfamiliarity</reasonCode> <reasonCode>High Risk Email</reasonCode> </reasonCodes> </FraudSight> </payment> <!-- Exemption --> <exemptionResponse result="REJECTED" reason="HIGH_RISK"/> </orderStatus> </reply> </paymentService>
Testing corporate exemptions
The following sections provide information about testing corporate exemptions in various scenarios.
Submit the values to test corporate exemptions in the authorisation flow and receive known responses. The system returns the response data shown in the last column below.
Issuer responses
Magic Value | Overview | Response Data |
---|---|---|
EE.HON_ISSUER_HONOURED.AUTHRD The gateway honoured the exemption and the issuer AUTHORISED the payment. | Exemption: CP Path: Happy | lastEvent = AUTHORISED result = HONOURED reason = ISSUER_HONOURED |
EE.REJ_ISSUER_REJECTED.SD The gateway honoured the exemption, but the issuer REFUSED (soft declined) the payment. | Exemption: CP Path: Unhappy | lastEvent = REFUSED result = REJECTED reason = ISSUER_REJECTED |
High Risk
Magic Value | Overview | Response Data |
---|---|---|
EE.REJ_HIGH_RISK.AUTHRD The gateway rejected the exemption for high risk, but the issuer AUTHORISED the payment. | Exemption: CP Risk: High Path: Happy | lastEvent = AUTHORISED result = REJECTED reason = HIGH_RISK |
EE.REJ_HIGH_RISK.SD The gateway rejected the exemption for high risk and the issuer REFUSED (soft declined) the payment. | Exemption: CP Risk: High Path: Unhappy | lastEvent = REFUSED result = REJECTED reason = HIGH_RISK |
Out-of-Scope Payment (MIT)
Magic Value | Overview | Response Data |
---|---|---|
EE.OOS_MIT.AUTHRD The gateway excludes the exemption, because it was identified as MIT, but the issuer AUTHORISED the payment. | Exemption: CP Payment Type: MIT Path: Happy | lastEvent = AUTHORISED result = OUT_OF_SCOPE reason = MIT |
EE.OOS_MIT.SD The gateway excludes the exemption, because it was identified as MIT and the issuer REFUSED (soft declined) the payment. | Exemption: CP Payment Type: MIT Path: Unhappy | lastEvent = REFUSED result = OUT_OF_SCOPE reason = MIT |
Out-of-Scope Payment (MOTO)
Magic Value | Overview | Response Data |
---|---|---|
EE.OOS_MOTO.AUTHRD The gateway excludes the exemption, because it was identified as MOTO, but the issuer AUTHORISED the payment. | Exemption: CP Payment Type: MOTO Path: Happy | lastEvent = AUTHORISED result = OUT_OF_SCOPE reason = MOTO |
EE.OOS_MOTO.SD The gateway excludes the exemption, because it was identified as CONTACTLESS and the issuer REFUSED (soft declined) the payment. | Exemption: CP Payment Type: MOTO Path: Unhappy | lastEvent = REFUSED result = OUT_OF_SCOPE reason = MOTO |
Out-of-Scope Payment (Contactless)
Magic Value | Overview | Response Data |
---|---|---|
EE.OOS_CONTACTLESS.AUTHRD The gateway excludes the exemption, because it was identified as CONTACTLESS, but the issuer AUTHORISED the payment. | Exemption: CP Payment Type: CONTACTLESS Path: Happy | lastEvent = AUTHORISED result = OUT_OF_SCOPE reason = CONTACTLESS |
EE.OOS_CONTACTLESS.SD The gateway excludes the exemption, because it was identified as CONTACTLESS and the issuer REFUSED (soft declined) the payment. | Exemption: CP Payment Type: CONTACTLESS Path: Unhappy | lastEvent = REFUSED result = OUT_OF_SCOPE reason = CONTACTLESS |
Out-of-Scope Payment (OLO)
Magic Value | Overview | Response Data |
---|---|---|
EE.OOS_OLO.AUTHRD The gateway excludes the exemption, because it was identified as OLO, but the issuer AUTHORISED the payment. | Exemption: CP Payment Type: OLO Path: Happy | lastEvent = AUTHORISED result = OUT_OF_SCOPE reason = OLO |
EE.OOS_OLO.SD The gateway excludes the exemption, because it was identified as OLO and the issuer REFUSED (soft declined) the payment. | Exemption: CP Payment Type: OLO Path: Unhappy | lastEvent = REFUSED result = OUT_OF_SCOPE reason = OLO |
Incorrect Exemption Request
Magic Value | Overview | Response Data |
---|---|---|
EE.REJ_INVALID.AUTHRD The gateway rejected the exemption, because it was an invalid exemption but the issuer AUTHORISED the payment. | Exemption: CP Path: Happy | lastEvent = AUTHORISED result = REJECTED reason = INVALID |
EE.REJ_INVALID.SD The gateway rejected the exemption, because it was an invalid exemption and the issuer REFUSED (soft declined) the payment. | Exemption: CP Payment Type: CP Path: Unhappy | lastEvent = REFUSED result = REJECTED reason = INVALID |
Unsupported Scheme
Magic Value | Overview | Response Data |
---|---|---|
EE.REJ_UNSUPPTD_SCHEME.AUTHRD The gateway rejected the exemption, because of an unsupported scheme, but the issuer AUTHORISED the payment. | Exemption: CP Path: Happy | lastEvent = AUTHORISED result = REJECTED reason = UNSUPPORTED_SCHEME |
EE.REJ_UNSUPPTD_SCHEME.SD The gateway rejected the exemption, because it was an unsupported scheme and the issuer REFUSED (soft declined) the payment. | Exemption: CP Payment Type: CP Path: Unhappy | lastEvent = REFUSED result = REJECTED reason = UNSUPPORTED_SCHEME |