SCA Exemption Control

A service that allows you to request exemption from Strong Customer Authentication (SCA).

Prerequisite: Before using exemption control (EC), please contact your Relationship Manager. You must have a Transaction Risk Analysis (TRA) system that isRegulatory Technical Standards (RTS)compliant forPayment Services Directive 2 (PSD2).

On this page:

Exemption Control Request

You can request two types of exemptions:

AttributeValueDescription
typeLVLow value exemption (less than 30 EUR).
typeLRLow risk exemption.

Optionally, you can request 2 different placement options:

ValueTransaction typeDescription
AUTHORISATION
(default)
Exemption request in authorisation flowIf the exemption is accepted by the issuer, the payment is authorised without any authentication.
AUTHENTICATIONExemption request in authentication flow.You must be enabled for3DS Flex, since you must send the additional 3DS data. If the exemption is accepted by the issuer, the authentication is frictionless.

A full example with <exemption type="LV" placement="AUTHORISATION">:

Copied!
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE paymentService PUBLIC "-//WorldPay//DTD WorldPay PaymentService v1//EN" "http://dtd.worldpay.com/paymentService_v1.dtd" >
<paymentService version="1.4" merchantCode="YOUR_MERCHANT_CODE">
    <submit>
        <order orderCode='YOUR_ORDER_CODE'>
            <description>test order</description>
            <amount value="100" currencyCode="EUR" exponent="2"/>
            <orderContent>
                <![CDATA[]]>
            </orderContent>
            <paymentDetails>
                <CARD-SSL>
                    <cardNumber>4444********1111</cardNumber>
                    <expiryDate>
                        <date month="06" year="2020"/>
                    </expiryDate>
                    <cardHolderName>EE.HONOURED_ISSUER_HONOURED.AUTHORISED</cardHolderName>
                    <cvc>666</cvc>
                    <cardAddress>
                        <address>
                            <firstName>Mr Bert</firstName>
                            <address1>Worldpay</address1>
                            <address2>270-289 The Science Park</address2>
                            <address3>Milton Road</address3>
                            <postalCode>CB4 0WE</postalCode>
                            <city>Cambridge</city>
                            <countryCode>GB</countryCode>
                        </address>
                    </cardAddress>
                </CARD-SSL>
                <session shopperIPAddress="127.0.0.1" id="ssn194781884"/>
            </paymentDetails>
            <shopper>
                <shopperEmailAddress>sp@worldpay.com</shopperEmailAddress>
                <browser>
                    <acceptHeader>text/html</acceptHeader>
                    <userAgentHeader>Mozilla/5.0 ...</userAgentHeader>
                </browser>
            </shopper>
            <!-- Exemption -->
            <exemption type="LV" placement="AUTHORISATION"/>
        </order>
    </submit>
</paymentService>

A full example with <exemption type="LR" placement="AUTHENTICATION">:

Copied!
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE paymentService PUBLIC "-//WorldPay//DTD WorldPay PaymentService v1//EN" "http://dtd.worldpay.com/paymentService_v1.dtd">
<paymentService version="1.4" merchantCode="TESTAPI">
    <submit>
        <order orderCode="jsxml3873087168">
            <description>test order</description>
            <amount value="100" currencyCode="EUR" exponent="2"/>
            <orderContent>
                    <![CDATA[]]>
              </orderContent>
            <paymentDetails>
                <CARD-SSL>
                    <cardNumber>4000********1000</cardNumber>
                    <expiryDate>
                        <date month="06" year="2023"/>
                    </expiryDate>
                    <cardHolderName>AUTHORISED</cardHolderName>
                    <cvc>666</cvc>
                    <cardAddress>
                        <address>
                            <firstName>Mr Bert</firstName>
                            <address1>Worldpay</address1>
                            <address2>270-289 The Science Park</address2>
                            <address3>Milton Road</address3>
                            <postalCode>CB4 0WE</postalCode>
                            <city>Cambridge</city>
                            <countryCode>GB</countryCode>
                        </address>
                    </cardAddress>
                </CARD-SSL>
                <session shopperIPAddress="127.0.0.1" id="ssn873087168"/>
            </paymentDetails>
            <shopper>
                <shopperEmailAddress>sp@worldpay.com</shopperEmailAddress>
                <browser>
                    <acceptHeader>text/html</acceptHeader>
                    <userAgentHeader>Mozilla/5.0 ...</userAgentHeader>
                </browser>
            </shopper>
            <shippingAddress>
                <address>
                    <firstName>A</firstName>
                    <lastName>Customer</lastName>
                    <address1>1 A Place</address1>
                    <address2>A Town</address2>
                    <address3>Maybe</address3>
                    <postalCode>CB1 0EE</postalCode>
                    <city>Somewhere</city>
                    <countryCode>GB</countryCode>
                    <telephoneNumber>00000000000</telephoneNumber>
                </address>
            </shippingAddress>
            <echoData>141825580765685</echoData>
            <additional3DSData dfReferenceId="ABCDEFG" challengeWindowSize="250x400" challengePreference="challengeRequested"/>
            <exemption type="LR" placement="AUTHENTICATION"/>
        </order>
    </submit>
</paymentService>

Exemption Response

Responses for AUTHORISATION placement:

ElementAttributeDescription
<lastEvent>N/AStatus of the payment is AUTHORISED or REFUSED
<exemptionResponse>resultOne of the following values:
HONOURED
REJECTED
OUT_OF_SCOPE
<exemptionResponse>reasonOne of the following values based upon result attribute (bold)
HONOURED
  • ISSUER_HONOURED

OUT_OF_SCOPE
  • MIT
  • RECURRING
  • OLO

REJECTED
  • ISSUER_REJECTED
  • HIGH_RISK
  • INVALID
  • UNSUPPORTED_SCHEME
  • NOT_SUBSCRIBED
  • UNSUPPORTED_ACQUIRER

Example reponses:

Response Message - HONOURED

The issuer honoured the exemption and authorised the payment.

Copied!
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE paymentService PUBLIC "-//WorldPay//DTD WorldPay PaymentService v1//EN"
                                "http://secure.worldpay.com/dtd/paymentService_v1.dtd">
<paymentService version="1.4" merchantCode="YOUR_MERCHANT_CODE">
    <reply>
        <orderStatus orderCode='YOUR_ORDER_CODE'>
            <payment>
                <paymentMethod>VISA_CREDIT-SSL</paymentMethod>
                <amount value="100" currencyCode="EUR" exponent="2" debitCreditIndicator="credit"/>
                <lastEvent>AUTHORISED</lastEvent>
                <balance accountType="IN_PROCESS_AUTHORISED">
                    <amount value="100" currencyCode="EUR" exponent="2" debitCreditIndicator="credit"/>
                </balance>
                <cardNumber>4444********1111</cardNumber>
            </payment>
            <!-- Exemption -->
            <exemptionResponse result="HONOURED" reason="ISSUER_HONOURED">
                <exemption type="LV" placement="AUTHORISATION"/>
            </exemptionResponse>
        </orderStatus>
    </reply>
</paymentService>

Response Message - OUT_OF_SCOPE

The EC determines the OUT_OF_SCOPE result, but the issuer can still return values of AUTHORISED or REFUSED for lastEvent. Payments where the issuer/acquirer is outside the EEA are classified as one leg out. The <exemptionResponse> reason is OLO.

Copied!
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE paymentService PUBLIC "-//WorldPay//DTD WorldPay PaymentService v1//EN"
                                "http://secure.worldpay.com/dtd/paymentService_v1.dtd">
<paymentService version="1.4" merchantCode="YOUR_MERCHANT_CODE">
    <reply>
        <orderStatus orderCode='YOUR_ORDER_CODE'>
            <payment>
                <paymentMethod>VISA_CREDIT-SSL</paymentMethod>
                <amount value="100" currencyCode="EUR" exponent="2" debitCreditIndicator="credit"/>
                <lastEvent>AUTHORISED</lastEvent>
                <balance accountType="IN_PROCESS_AUTHORISED">
                    <amount value="100" currencyCode="EUR" exponent="2" debitCreditIndicator="credit"/>
                </balance>
                <cardNumber>4444********1111</cardNumber>
            </payment>
             <!-- Exemption -->
            <exemptionResponse result="OUT_OF_SCOPE" reason="OLO"/>
        </orderStatus>
    </reply>
</paymentService>

Response Message - REJECTED + ISSUER_REJECTED

The issuer rejected the exemption request and the payment.

Copied!
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE paymentService PUBLIC "-//WorldPay//DTD WorldPay PaymentService v1//EN"
                                "http://secure.worldpay.com/dtd/paymentService_v1.dtd">
<paymentService version="1.4" merchantCode="YOUR_MERCHANT_CODE">
    <reply>
        <orderStatus orderCode='YOUR_ORDER_CODE'>
            <payment>
                <paymentMethod>VISA_CREDIT-SSL</paymentMethod>
                <amount value="100" currencyCode="EUR" exponent="2" debitCreditIndicator="credit"/>
                <lastEvent>REFUSED</lastEvent>
                <ISO8583ReturnCode code="65" description="Authentication requested"/>
            </payment>
            <!-- Exemption -->
            <exemptionResponse result="REJECTED" reason="ISSUER_REJECTED">
                <exemption type="LV" placement="AUTHORISATION"/>
            </exemptionResponse>
        </orderStatus>
    </reply>
</paymentService>

Responses for AUTHENTICATION placement:

Response Message - HONOURED

The issuer honoured the exemption and authorised the payment.

Copied!
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE paymentService PUBLIC "-//WorldPay//DTD WorldPay PaymentService v1//EN"
                                "http://secure.worldpay.com/dtd/paymentService_v1.dtd">
<paymentService version="1.4" merchantCode="YOUR_MERCHANT_CODE">
    <reply>
        <orderStatus orderCode='YOUR_ORDER_CODE'>
            <payment>
                <paymentMethod>VISA_CREDIT-SSL</paymentMethod>
                <amount value="100" currencyCode="EUR" exponent="2" debitCreditIndicator="credit"/>
                <lastEvent>AUTHORISED</lastEvent>
                <balance accountType="IN_PROCESS_AUTHORISED">
                    <amount value="100" currencyCode="EUR" exponent="2" debitCreditIndicator="credit"/>
                </balance>
                <cardNumber>4444********1111</cardNumber>
            </payment>
            <!-- Exemption -->
            <exemptionResponse result="HONOURED" reason="ISSUER_HONOURED">
                <exemption type="LV" placement="AUTHENTICATION"/>
            </exemptionResponse>
        </orderStatus>
    </reply>
</paymentService>

If the payment is not AUTHORISED, the issuer requires a step-up challenge. This is signalled by the <challengeRequired> element in the response message. If this occurs, you must follow the3DS Flex challenge flowto complete the payment.