
Exemptions

Exemptions for e-commerce transactions

Attention

Exemptions are only supported by Visa and MasterCard.

If the transaction is thought to be eligible for an exemption from SCA, it can be requested using the parameter ScaExemption.

  • Can only be used with TransType:
    • 17 (e-commerce, with CVV2/CVC2)
    • 12 (subsequent transaction)
    • 1B (token transaction)
  • If the issuer does not accept the exemption, it can request a challenge by responding with response code 1A (Visa) or 65 (MasterCard); a 3D Secure transaction (TransType = 15) is then needed.
  • If the exemption fails validation, response code T8 is returned.

Low Value Exemption

  • Requested with parameter ScaExemption = LOW
  • Transaction currency is one of the following and within the currency limit:
    • Below or equal to 30 EUR
    • Below or equal to 225 DKK
    • Below or equal to 27 GBP
    • Below or equal to 310 SEK
    • Below or equal to 5000 ISK
    • Below or equal to 325 NOK
    • Below or equal to 32 CHF
    • Below or equal to 135 PLN
    • Below or equal to 36 USD

Example

// code is compatible with .net8 console app
using System.Web;
using Microsoft.Extensions.DependencyInjection;

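// Low Value exemption sample: posts one authorization request with ScaExemption = LOW.
// The DI container exists only to hand out an IHttpClientFactory.
var service = new ServiceCollection();
service.AddHttpClient();

// The provider owns the handler pipeline, so dispose it when the script ends.
using var provider = service.BuildServiceProvider();

// GetRequiredService fails with a descriptive exception if the factory is missing,
// instead of a null dereference further down.
var client = provider
    .GetRequiredService<IHttpClientFactory>()
    .CreateClient();

// Authorization request fields, sent as a form-encoded POST body.
// MsgSenderID / MsgSenderAP are placeholders: load the real values from a secret store or
// the environment at runtime and never commit them to source control.
// CardNumber, CardExpDate and CardVD are cardholder data: keep them out of logs, traces and
// exception messages, and do not retain the card verification value after authorization.
var parameters = new Dictionary<string, string>
{
    { "MsgType", "0100" },
    { "MsgSenderID", "[insert your username]" },
    { "MsgSenderAP", "[insert your password]" },
    { "MsgID", "123456" }, // sample value; presumably must be unique per message, confirm against the API reference
    { "MerchantXID", "2995652ABCDEFGH" },
    { "MerchantType", "5999" },
    { "TerminalID", "18101001" },
    { "CardType", "V" },
    { "CardNumber", "4761739001010010" },
    { "CardExpDate", "2512" },
    { "CardVD", "001" },
    { "TransType", "17" }, // exemptions are only accepted with TransType 17, 12 or 1B
    { "TransAmount", "20" }, // Amount below 30 EUR
    { "TransCurrency", "978" },
    { "TransTime", "230101" },
    { "TransDate", "0310" },
    { "MerchantName", "CIP*Billy shoes" },
    { "MerchantCity", "London" },
    { "ScaExemption", "LOW" }
};

// The host name indicates the UAT (test) environment; the request goes over HTTPS.
using var request = new HttpRequestMessage(HttpMethod.Post, "https://authorization.acquiring.uat.valitor.com/process")
{
    Content = new FormUrlEncodedContent(parameters)
};

// Dispose the response so the underlying connection is released promptly.
using HttpResponseMessage response = await client.SendAsync(request);

if (response.IsSuccessStatusCode)
{
    // The body is parsed as a query-string style list of key/value pairs.
    var content = await response.Content.ReadAsStringAsync();
    var responseParameters = System.Web.HttpUtility.ParseQueryString(content);
    // Process responseParameters here.
    // An HTTP success status only means the gateway answered; the authorization outcome is in
    // the parsed fields. Response code 1A (Visa) or 65 (MasterCard) means the issuer rejected
    // the exemption and wants a challenge, so retry as a 3D Secure transaction (TransType 15).
    // Response code T8 means the exemption failed validation.
    // Avoid logging the raw body; it may echo request data (confirm against the response spec).
}
else
{
    // Handle error. Log the status code only, never the request parameters.
}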

Transaction Risk Analysis Exemption

  • Requested with parameter ScaExemption = TRA

  • Transaction currency is one of the following and within the currency limit:

    • Below or equal to 250 EUR
    • Below or equal to 1800 DKK
    • Below or equal to 210 GBP
    • Below or equal to 2600 SEK
    • Below or equal to 35000 ISK
    • Below or equal to 2450 NOK
    • Below or equal to 255 CHF
    • Below or equal to 1160 PLN
    • Below or equal to 270 USD
  • To reduce the likelihood of a soft decline, issuer approval can be requested through a 3DS Server.
    • In that case, additional 3DS parameters also need to be sent with the authorization.
  • The aforementioned currency limitations DO NOT apply for PFs and Issuer approved TRA requests.

Examples

Straight-to-auth (not using the MPI)

// code is compatible with .net8 console app
using System.Web;
using Microsoft.Extensions.DependencyInjection;

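// Transaction Risk Analysis exemption, straight-to-auth: posts one authorization request
// with ScaExemption = TRA and no 3DS authentication data.
var service = new ServiceCollection();
service.AddHttpClient();

// The provider owns the handler pipeline, so dispose it when the script ends.
using var provider = service.BuildServiceProvider();

// GetRequiredService fails with a descriptive exception if the factory is missing,
// instead of a null dereference further down.
var client = provider
    .GetRequiredService<IHttpClientFactory>()
    .CreateClient();

// Authorization request fields, sent as a form-encoded POST body.
// MsgSenderID / MsgSenderAP are placeholders: load the real values from a secret store or
// the environment at runtime and never commit them to source control.
// CardNumber, CardExpDate and CardVD are cardholder data: keep them out of logs, traces and
// exception messages, and do not retain the card verification value after authorization.
var parameters = new Dictionary<string, string>
{
    { "MsgType", "0100" },
    { "MsgSenderID", "[insert your username]" },
    { "MsgSenderAP", "[insert your password]" },
    { "MsgID", "123456" }, // sample value; presumably must be unique per message, confirm against the API reference
    { "MerchantXID", "2995652ABCDEFGH" },
    { "MerchantType", "5999" },
    { "TerminalID", "18101001" },
    { "CardType", "V" },
    { "CardNumber", "4761739001010010" },
    { "CardExpDate", "2512" },
    { "CardVD", "001" },
    { "TransType", "17" }, // exemptions are only accepted with TransType 17, 12 or 1B
    { "TransAmount", "50" }, // within the TRA limit of 250 EUR listed for currency 978
    { "TransCurrency", "978" },
    { "TransTime", "230101" },
    { "TransDate", "0310" },
    { "MerchantName", "CIP*Billy shoes" },
    { "MerchantCity", "London" },
    { "ScaExemption", "TRA" }
};

// The host name indicates the UAT (test) environment; the request goes over HTTPS.
using var request = new HttpRequestMessage(HttpMethod.Post, "https://authorization.acquiring.uat.valitor.com/process")
{
    Content = new FormUrlEncodedContent(parameters)
};

// Dispose the response so the underlying connection is released promptly.
using HttpResponseMessage response = await client.SendAsync(request);

if (response.IsSuccessStatusCode)
{
    // The body is parsed as a query-string style list of key/value pairs.
    var content = await response.Content.ReadAsStringAsync();
    var responseParameters = System.Web.HttpUtility.ParseQueryString(content);
    // Process responseParameters here.
    // Without issuer approval a soft decline is possible: response code 1A (Visa) or
    // 65 (MasterCard) means the issuer wants a challenge, so retry as a 3D Secure
    // transaction (TransType 15). Response code T8 means the exemption failed validation.
    // Avoid logging the raw body; it may echo request data (confirm against the response spec).
}
else
{
    // Handle error. Log the status code only, never the request parameters.
}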
Issuer approved exemption (requested through the MPI)

// code is compatible with .net8 console app
using System.Web;
using Microsoft.Extensions.DependencyInjection;

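// Transaction Risk Analysis exemption, issuer approved: posts one authorization request with
// ScaExemption = TRA plus the authentication data obtained through the MPI / 3DS Server.
var service = new ServiceCollection();
service.AddHttpClient();

// The provider owns the handler pipeline, so dispose it when the script ends.
using var provider = service.BuildServiceProvider();

// GetRequiredService fails with a descriptive exception if the factory is missing,
// instead of a null dereference further down.
var client = provider
    .GetRequiredService<IHttpClientFactory>()
    .CreateClient();

// Authorization request fields, sent as a form-encoded POST body.
// MsgSenderID / MsgSenderAP are placeholders: load the real values from a secret store or
// the environment at runtime and never commit them to source control.
// CardNumber, CardExpDate and CardVD are cardholder data: keep them out of logs, traces and
// exception messages, and do not retain the card verification value after authorization.
var parameters = new Dictionary<string, string>
{
    { "MsgType", "0100" },
    { "MsgSenderID", "[insert your username]" },
    { "MsgSenderAP", "[insert your password]" },
    { "MsgID", "123456" }, // sample value; presumably must be unique per message, confirm against the API reference
    { "MerchantXID", "2995652ABCDEFGH" },
    { "MerchantType", "5999" },
    { "TerminalID", "18101001" },
    { "CardType", "V" },
    { "CardNumber", "4761739001010010" },
    { "CardExpDate", "2512" },
    { "CardVD", "001" },
    { "TransType", "17" }, // exemptions are only accepted with TransType 17, 12 or 1B
    { "TransAmount", "50" },
    { "TransCurrency", "978" },
    { "TransTime", "230101" },
    { "TransDate", "0310" },
    { "MerchantName", "CIP*Billy shoes" },
    { "MerchantCity", "London" },
    { "ScaExemption", "TRA" },
    // Additional 3DS parameters sent because issuer approval was requested through a 3DS Server.
    // Sample values: use the ones returned for this exact transaction, never reuse them
    // across transactions.
    { "CAVD", "ApkzRFVmd4iZAKq7zN3u/wAAAAA=" },
    { "dsTransID", "4E192AD7-D2EF-4AD6-B2E1-460FDA4898CB" }
};

// The host name indicates the UAT (test) environment; the request goes over HTTPS.
using var request = new HttpRequestMessage(HttpMethod.Post, "https://authorization.acquiring.uat.valitor.com/process")
{
    Content = new FormUrlEncodedContent(parameters)
};

// Dispose the response so the underlying connection is released promptly.
using HttpResponseMessage response = await client.SendAsync(request);

if (response.IsSuccessStatusCode)
{
    // The body is parsed as a query-string style list of key/value pairs.
    var content = await response.Content.ReadAsStringAsync();
    var responseParameters = System.Web.HttpUtility.ParseQueryString(content);
    // Process responseParameters here.
    // An HTTP success status only means the gateway answered; the authorization outcome is in
    // the parsed fields. Response code 1A (Visa) or 65 (MasterCard) means the issuer wants a
    // challenge (retry with TransType 15); T8 means the exemption failed validation.
    // Avoid logging the raw body; it may echo request data (confirm against the response spec).
}
else
{
    // Handle error. Log the status code only, never the request parameters.
}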

Authentication Outage

  • Requested with parameter ScaExemption = OUT
  • If the EMV 3DS Authentication flow is not available, merchants should first attempt use of a suitable exemption (subject to the acquirer’s approval) before opting for use of the authentication outage exemption.
  • When a merchant cannot authenticate due to an outage at their provider they can use the OUT exemption.
  • This must NOT be used if an outage has occurred in the issuer domain (for example the ACS Server). In such cases, the Visa/Mastercard attempts processing will play a role and a CAVV/UCAF (with an ECI 06) will be returned when the ACS is down.
  • Merchants should regularly try to re-establish the connection while the authentication outage exemption is invoked. Once a reliable connection is secured, they should stop using the authentication outage exemption and resume the 3DS route.
  • Any merchant misuse can result in revoking access to the authentication outage exemption.

Example

// code is compatible with .net8 console app
using System.Web;
using Microsoft.Extensions.DependencyInjection;

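// Authentication Outage exemption sample: posts one authorization request with
// ScaExemption = OUT. Intended only for an outage at the merchant's own authentication
// provider, not for an outage in the issuer domain (for example the ACS).
var service = new ServiceCollection();
service.AddHttpClient();

// The provider owns the handler pipeline, so dispose it when the script ends.
using var provider = service.BuildServiceProvider();

// GetRequiredService fails with a descriptive exception if the factory is missing,
// instead of a null dereference further down.
var client = provider
    .GetRequiredService<IHttpClientFactory>()
    .CreateClient();

// Authorization request fields, sent as a form-encoded POST body.
// MsgSenderID / MsgSenderAP are placeholders: load the real values from a secret store or
// the environment at runtime and never commit them to source control.
// CardNumber, CardExpDate and CardVD are cardholder data: keep them out of logs, traces and
// exception messages, and do not retain the card verification value after authorization.
var parameters = new Dictionary<string, string>
{
    { "MsgType", "0100" },
    { "MsgSenderID", "[insert your username]" },
    { "MsgSenderAP", "[insert your password]" },
    { "MsgID", "123456" }, // sample value; presumably must be unique per message, confirm against the API reference
    { "MerchantXID", "2995652ABCDEFGH" },
    { "MerchantType", "5999" },
    { "TerminalID", "18101001" },
    { "CardType", "V" },
    { "CardNumber", "4761739001010010" },
    { "CardExpDate", "2512" },
    { "CardVD", "001" },
    { "TransType", "17" }, // exemptions are only accepted with TransType 17, 12 or 1B
    { "TransAmount", "75" },
    { "TransCurrency", "978" },
    { "TransTime", "230101" },
    { "TransDate", "0310" },
    { "MerchantName", "CIP*Billy shoes" },
    { "MerchantCity", "London" },
    // The key must be spelled "ScaExemption"; a misspelled key would send a different
    // parameter name, so the exemption would not be requested under the documented one.
    { "ScaExemption", "OUT" }
};

// The host name indicates the UAT (test) environment; the request goes over HTTPS.
using var request = new HttpRequestMessage(HttpMethod.Post, "https://authorization.acquiring.uat.valitor.com/process")
{
    Content = new FormUrlEncodedContent(parameters)
};

// Dispose the response so the underlying connection is released promptly.
using HttpResponseMessage response = await client.SendAsync(request);

if (response.IsSuccessStatusCode)
{
    // The body is parsed as a query-string style list of key/value pairs.
    var content = await response.Content.ReadAsStringAsync();
    var responseParameters = System.Web.HttpUtility.ParseQueryString(content);
    // Process responseParameters here.
    // An HTTP success status only means the gateway answered; the authorization outcome is in
    // the parsed fields. Response code 1A (Visa) or 65 (MasterCard) means the issuer wants a
    // challenge (retry with TransType 15); T8 means the exemption failed validation.
    // Record each use of OUT for audit: misuse can lead to the exemption being revoked.
    // Avoid logging the raw body; it may echo request data (confirm against the response spec).
}
else
{
    // Handle error. Log the status code only, never the request parameters.
}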

Secure Corporate Payments Exemption

The implementation of the Secure Corporate Payment (SCP) exemption requires the following steps and data elements:

Eligibility and Environment:

  • The transaction must originate from a secure corporate environment, such as a corporate travel management system, corporate booking tool, or procurement system accessible only by authorized employees through secure log-in processes.
  • Only transactions made by payers who are legal persons (not consumers) using eligible commercial card products (e.g., virtual cards, Central Travel Accounts, physical commercial cards used within secure corporate environments) qualify. Personal cards, even if used for business purchases, do not qualify.

Authentication Flow (Optional):

  • The exemption can be exercised via EMV 3DS 2.2 or newer authentication flow or directly in the authorization message.
  • If using EMV 3DS, set the 3DS Requestor Challenge Indicator (threeDSRequestorChallengeInd) to '82' (No challenge requested, utilize SCP exemption as applicable).
  • If the exemption is accepted during authentication, it must be restated in the authorization message along with the CAVD and dsTransID received at authentication. Pick the correct TransType based on the ECI value: ECI 05 and 00 use TransType 15, ECI 07 and 02 use TransType 17.

Examples

Straight-to-auth (not using the MPI)

// code is compatible with .net8 console app
using System.Web;
using Microsoft.Extensions.DependencyInjection;

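// Secure Corporate Payments exemption, straight-to-auth: posts one authorization request
// with ScaExemption = SCP and no 3DS authentication data.
var service = new ServiceCollection();
service.AddHttpClient();

// The provider owns the handler pipeline, so dispose it when the script ends.
using var provider = service.BuildServiceProvider();

// GetRequiredService fails with a descriptive exception if the factory is missing,
// instead of a null dereference further down.
var client = provider
    .GetRequiredService<IHttpClientFactory>()
    .CreateClient();

// Authorization request fields, sent as a form-encoded POST body.
// MsgSenderID / MsgSenderAP are placeholders: load the real values from a secret store or
// the environment at runtime and never commit them to source control.
// CardNumber, CardExpDate and CardVD are cardholder data: keep them out of logs, traces and
// exception messages, and do not retain the card verification value after authorization.
var parameters = new Dictionary<string, string>
{
    { "MsgType", "0100" },
    { "MsgSenderID", "[insert your username]" },
    { "MsgSenderAP", "[insert your password]" },
    { "MsgID", "123456" }, // sample value; presumably must be unique per message, confirm against the API reference
    { "MerchantXID", "2995652ABCDEFGH" },
    { "MerchantType", "5999" },
    { "TerminalID", "18101001" },
    { "CardType", "V" },
    { "CardNumber", "4761739001010010" },
    { "CardExpDate", "2512" },
    { "CardVD", "001" },
    { "TransType", "17" }, // exemptions are only accepted with TransType 17, 12 or 1B
    { "TransAmount", "50" },
    { "TransCurrency", "978" },
    { "TransTime", "230101" },
    { "TransDate", "0310" },
    { "MerchantName", "CIP*Billy shoes" },
    { "MerchantCity", "London" },
    // Only valid for eligible commercial cards used from a secure corporate environment;
    // that eligibility has to be established before this flag is set.
    { "ScaExemption", "SCP" }
};

// The host name indicates the UAT (test) environment; the request goes over HTTPS.
using var request = new HttpRequestMessage(HttpMethod.Post, "https://authorization.acquiring.uat.valitor.com/process")
{
    Content = new FormUrlEncodedContent(parameters)
};

// Dispose the response so the underlying connection is released promptly.
using HttpResponseMessage response = await client.SendAsync(request);

if (response.IsSuccessStatusCode)
{
    // The body is parsed as a query-string style list of key/value pairs.
    var content = await response.Content.ReadAsStringAsync();
    var responseParameters = System.Web.HttpUtility.ParseQueryString(content);
    // Process responseParameters here.
    // An HTTP success status only means the gateway answered; the authorization outcome is in
    // the parsed fields. Response code 1A (Visa) or 65 (MasterCard) means the issuer wants a
    // challenge (retry with TransType 15); T8 means the exemption failed validation.
    // Avoid logging the raw body; it may echo request data (confirm against the response spec).
}
else
{
    // Handle error. Log the status code only, never the request parameters.
}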
Issuer approved exemption (requested through the MPI)

// code is compatible with .net8 console app
using System.Web;
using Microsoft.Extensions.DependencyInjection;

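// Secure Corporate Payments exemption, issuer approved: posts one authorization request that
// restates ScaExemption = SCP together with the CAVD and dsTransID received at authentication.
var service = new ServiceCollection();
service.AddHttpClient();

// The provider owns the handler pipeline, so dispose it when the script ends.
using var provider = service.BuildServiceProvider();

// GetRequiredService fails with a descriptive exception if the factory is missing,
// instead of a null dereference further down.
var client = provider
    .GetRequiredService<IHttpClientFactory>()
    .CreateClient();

// Authorization request fields, sent as a form-encoded POST body.
// MsgSenderID / MsgSenderAP are placeholders: load the real values from a secret store or
// the environment at runtime and never commit them to source control.
// CardNumber, CardExpDate and CardVD are cardholder data: keep them out of logs, traces and
// exception messages, and do not retain the card verification value after authorization.
var parameters = new Dictionary<string, string>
{
    { "MsgType", "0100" },
    { "MsgSenderID", "[insert your username]" },
    { "MsgSenderAP", "[insert your password]" },
    { "MsgID", "123456" }, // sample value; presumably must be unique per message, confirm against the API reference
    { "MerchantXID", "2995652ABCDEFGH" },
    { "MerchantType", "5999" },
    { "TerminalID", "18101001" },
    { "CardType", "V" },
    { "CardNumber", "4761739001010010" },
    { "CardExpDate", "2512" },
    { "CardVD", "001" },
    // Choose TransType from the ECI returned at authentication:
    // ECI 05 and 00 use TransType 15, ECI 07 and 02 use TransType 17.
    { "TransType", "17" },
    { "TransAmount", "50" },
    { "TransCurrency", "978" },
    { "TransTime", "230101" },
    { "TransDate", "0310" },
    { "MerchantName", "CIP*Billy shoes" },
    { "MerchantCity", "London" },
    { "ScaExemption", "SCP" },
    // Sample values: send the CAVD and dsTransID returned by the authentication of this
    // exact transaction, never reuse them across transactions.
    { "CAVD", "ApkzRFVmd4iZAKq7zN3u/wAAAAA=" },
    { "dsTransID", "4E192AD7-D2EF-4AD6-B2E1-460FDA4898CB" }
};

// The host name indicates the UAT (test) environment; the request goes over HTTPS.
using var request = new HttpRequestMessage(HttpMethod.Post, "https://authorization.acquiring.uat.valitor.com/process")
{
    Content = new FormUrlEncodedContent(parameters)
};

// Dispose the response so the underlying connection is released promptly.
using HttpResponseMessage response = await client.SendAsync(request);

if (response.IsSuccessStatusCode)
{
    // The body is parsed as a query-string style list of key/value pairs.
    var content = await response.Content.ReadAsStringAsync();
    var responseParameters = System.Web.HttpUtility.ParseQueryString(content);
    // Process responseParameters here.
    // An HTTP success status only means the gateway answered; the authorization outcome is in
    // the parsed fields. Response code 1A (Visa) or 65 (MasterCard) means the issuer wants a
    // challenge (retry with TransType 15); T8 means the exemption failed validation.
    // Avoid logging the raw body; it may echo request data (confirm against the response spec).
}
else
{
    // Handle error. Log the status code only, never the request parameters.
}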

Automatic exemption

  • Requested with parameter ScaExemption = AUT
  • The transaction risk analysis will be applied if the merchant has been approved by Rapyd.
  • Otherwise, if the amount limit is not exceeded, the low value exemption will be applied.