Under the new regulations, certain types of transactions will be exempted from Strong Customer Authentication (SCA) policies. These types of transactions are low-risk payments, usually defined by the cardholder’s bank. As SCA would force the inclusion of an authentication step, these exemptions can be very useful for creating a better friction-free customer experience wherever applicable.

These exemptions are detailed in the FCA’s Payment Services and Electronic Money Approach document. We’ve outlined some of the most relevant exemptions below.


1. Low-risk transactions

These apply when the payment provider’s or bank’s overall fraud rates for card payments do not exceed 0.13% for transactions up to €100, 0.06% for transactions up to €250, or 0.01% for transactions up to €500.

2. Payments below €30

Transactions below €30 will be considered low value. Therefore, they may be exempted from SCA. However, there is a condition – if the exemption has been used five times since the last successful authentication or if the sum of the previously-exempted payments is over €100, then SCA may be applied.

3. Fixed-amount subscriptions

If the customer is making a series of recurring payments to the same business for the same value, SCA will only be required for the first payment.

4. Merchant-initiated transactions

Similar to the previous exemption, this applies especially when the amount is variable. If the customer has saved the card that they’re making the payment with, these would qualify as merchant-initiated transactions, and would be exempted from SCA. In this case, the card need only be authenticated when it’s being saved or during first payment.

5. Trusted beneficiaries

Customers can declare specific businesses that they trust as a “trusted beneficiary”, which would allow for an exemption.

6. Phone sales

Using a phone to collect card details may fall outside the scope of SCA as well as it might be considered a MOTO (Mail Order and Telephone Order) transaction. This would depend on the cardholder’s bank’s decision.

7. Corporate payments

B2B payments made with a corporate card or one that uses a virtual card number may be exempted from SCA.

8. Inter-regional transaction

If the issuer or the acquirer of the card is not based in Europe, the transaction will not require SCA.


There are a few other transactions that are exempted that may bear paying attention to, such as:

  • Accessing account information (such as balance, or prior transactions made in the past 90 days)
  • Transactions made at unattended terminals for transportation and parking fees
  • Credit transfers between accounts held by the same person
  • Contactless payments made at point of sale where the individual transaction amount is less than €50. In this case, the customer must have also initiated five or fewer transactions, or the customer’s total payments have not exceeded €150 since the last time SCA was applied.

At Penser, we specialize in consulting in FinTech, payments and open banking. We are helping our clients navigate the new PSD2 regulation and supporting them through their transformation journeys. To learn more, check out our digital transformation service page.

Not sure what SCA is? Check out our introduction to Strong Customer Authentication!


Recent Posts

Innovation in Digital Banks – A Global Snapshot

In the last decade, digital banking has grown in leaps and bounds with several startups...

Confirmation of Payee in the UK now has a 2020 deadline

On August 2, 2019, the UK’s Payment Systems Regulator (PSR) ordered the six large...

Australia starts their Open Banking journey

On August 1, 2019, the Consumer Data Right (CDR), an initiative introduced in November...

How valuable is the customer to a digital bank?

In recent years, digital challenger banks have rapidly established their value to...

So you want to know about cryptowallets…

With the recent launch of Facebook’s Libra, there has been renewed interest in the vast...

Digital Banking Engagement Platforms – Who Leads the Market?

A Digital Banking Engagement Platform (DBEP) is a platform that supports banks in their...