SCA Exemption Turn Key (Direct)

The SCA Exemption Turn Key maximises a frictionless checkout, using transaction data to predict card issuer behaviour. SCA Exemption Turn Key uses real time risk analysis of transactions to exempt as many as possible from SCA (Strong Customer Authentication).

Prerequisites: You must be set up for SCA Exemption Turn Key. For the optimal experience we strongly recommend being set up with 3DS Flex too. Contact your Relationship Manager for details.

Exemption flow

SCA Exemption Turn Key automatically applies an exemption request to all qualifying payment requests. Worldpay identifies the payments that are SCA mandated and attempt to exempt them.

The exemption request follows a defined flow.

Step one: The request is validated to ensure that payment is in scope of SCA and the exemption can be supported.

Step two: Exemption Engine (EE) performs the Transaction Risk Assessment (TRA) and decides if exemption can be honoured by Worldpay.

Step three: The exemption is placed in accordance with EE recommendation.

Step four: Payment is sent to authorisation with or without an exemption - depending on the EE decision. Payments that are not exempt will be authenticated, provided you are subscribed to an authentication service.

Step five: You or Worldpay can re-submit soft declined payments for authentication without an exemption. You need to be able to identify the soft declines and re-submit the payment for authentication as a new order.

Exemption Turn Key flow

Integration overview

This is a Turn Key service, no technical integration is required.

Before you decide whether this service is appropriate for you, consider the following:

  1. If you process CIT transactions with usage FIRST (under stored credentials framework), you must route them via a Merchant Code that is not subscribed to Exemption Engine Turn Key
  2. If a payment is One-Leg-Out (OLO), it will automatically go to authentication. To avoid authentication on payments outside of the EEA, route the payment via a Merchant Code that is not subscribed to Exemption Engine Turn Key. If you cannot ascertain whether payment is OLO before submitting the order to Worldpay, and you still wish to skip authentication, speak to your Relationship Manager about other options to manage authentication on OLO payments
  3. If a payment with an exemption is soft-declined, Worldpay can recycle the payment and authenticate it on your behalf. See theSoft Decline Loopsection below.
  4. No exemption information is returned in the XML response. You can use the SCA Exemption Acceptance report to review the payment status.

Identify a soft decline

Note: You must haveextended response codesenabled to identify soft declines.

You can identify a soft decline where Worldpay return a <lastEvent> value of REFUSED.

Look for the <ISO8583ReturnCode> with the attributes code="65" and description="AUTHENTICATION REQUESTED".

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE paymentService PUBLIC "-//WorldPay//DTD WorldPay PaymentService v1//EN" "" >
<paymentService version="1.4" merchantCode="YOUR_MERCHANT_CODE">
    <orderStatus orderCode='YOUR_ORDER_CODE'>
        <amount value="100" currencyCode="EUR" exponent="2" debitCreditIndicator="credit"/>
        <ISO8583ReturnCode code="65" description="Authentication requested"/>

Soft decline loop

Soft decline loop is a feature of the SCA Exemption Turn Key product. The eligible soft declined transactions are re-processed and authenticated automatically under the same Order Code. You can expect the soft decline loop to take place when:

  • You are subscribed to SCA Exemption Turn Key and 3DS Flex products
  • You have submitted 3DS Flex mandatory element of <additional3DSdata> and <session ID> in the original payment request
  • LR or LV exemption was applied in authorisation on the original payment request
  • Payment status of the original payment is SOFT_DECLINED
  • The original payment is not One-Leg-Out (OLO)

The XML response to the original payment that contains a <lastEvent> value of REFUSED and an element of <ISO8583ReturnCode> with attributes code="65" and description="AUTHENTICATION REQUESTED" is not returned when the soft decline loop is triggered. You can expect the final XML response with a <lastEvent> value of AUTHORISED or REFUSED once the soft decline loop transaction has completed.

Contact your Relationship Manager for further details, and to have the soft decline loop feature enabled.

Worlpday Device JavaScript Collector

To fully comply with the PSD2 mandate when performing Transaction Risk Analysis (TRA), the Exemption Engine needs to use device data within its risk decision before applying for an exemption. This data needs to be collected on a ‘best efforts’ basis and we strongly recommend using ThreatMetrix to collect device data. We use the data to optimise your exemption, providing more accurate decisioning and fewer issuer soft declines.

ThreatMetrix collects and sends device fingerprint and geo-location data that relates to a shopper’s payment. You use JavaScript to send all this data to ThreatMetrix.

Obtain theJavaScript toolkitfrom Worldpay.

Contact your Relationship Manager for further details, and to have the SCA Exemption Turn Key enabled.