On This Page

Authorizations with Strong Customer Authentication Exemption

This section shows you how to process an authorization with a strong customer authentication (SCA) exemption.
You can use SCA exemptions to streamline the payment process. SCA exemptions are part of the European second Payment Services Directive (PSD2) and allow certain types of low-risk transactions to bypass additional authentication steps while still remaining compliant with PSD2. You can choose which exemption can be applied to a transaction, but the card-issuing bank actually grants an SCA exemption during card authentication.
You can process an authorization with two types of SCA exemptions:
  • Exemption on Authorization
    : Send an authorization without payer authentication and request an SCA exemption on the authorization. If it is not approved, you may be required to request further authentication upon retry.
  • Exemption on Authentication
    : Request an SCA exemption during payer authentication and if successful, send an authorization including the SCA exemption details.
Depending on your processor, use one of these exemption fields:
IMPORTANT
If you send more than one SCA exemption field with a single authentication, the transaction is denied.
  • Authentication Outage
    : Payer authentication is not available for this transaction due to a system outage.
  • B2B Corporate Card
    : Payment cards specifically for business-to-business transactions are exempt.
  • Delegated Authentication
    : Payer authentication was performed outside of the authorization workflow.
  • Follow-On Installment Payment
    : Installment payments of a fixed amount are exempt after the first transaction.
  • Follow-On Recurring Payment
    : Recurring payments of a fixed amount are exempt after the first transaction.
  • Low Risk
    : The average fraud levels associated with this transaction are considered low.
  • Low Value
    : The transaction value does not warrant SCA.
  • Merchant Initiated Transactions
    : As follow-on transactions, merchant-initiated transactions are exempt.
  • Stored Credential Transaction
    : Credentials are authenticated before storing, so stored credential transactions are exempt.
  • Trusted Merchant
    : Merchants registered as trusted beneficiaries.

Exemption Fields Specific to the Strong Customer Authentication Use Case

Use one of these fields to request an SCA exemption:
Types of SCA Exemptions
Exemption Type
Field
Value
Authentication Outage
consumerAuthenticationInformation. strongAuthentication. authenticationOutageExemptionIndicator
1
B2B Corporate Card Transaction
consumerAuthenticationInformation. strongAuthentication. secureCorporatePaymentIndicator
1
Delegated Authentication
consumerAuthenticationInformation. strongAuthentication. delegatedAuthenticationExemptionIndicator
1
Low-Risk Transaction
consumerAuthenticationInformation. strongAuthentication. riskAnalysisExemptionIndicator
1
Low-Value Transaction
consumerAuthenticationInformation. strongAuthentication. lowValueExemptionIndicator
1
Trusted Merchant Transaction
consumerAuthenticationInformation. strongAuthentication. trustedMerchantExemptionIndicator
1

Country-Specific Requirements

These fields are specific to certain countries and regions.
Argentina
merchantInformation.taxId
Required for Mastercard transactions.
merchantInformation.transactionLocalDateTime
Required when the time zone is not included in your account. Otherwise, this field is optional.
Brazil
paymentInformation.card.sourceAccountType
Required for combo card transactions.
paymentInformation.card.sourceAccountTypeDetails
Required for combo card line-of-credit and prepaid-card transactions.
Chile
merchantInformation.taxId
Required for Mastercard transactions.
Paraguay
merchantInformation.taxId
Required for Mastercard transactions.
Saudi Arabia
processingInformation.authorizationOptions.transactionMode
Taiwan
paymentInformation.card.hashedNumber

Endpoint

Production:
POST
https://nabgateway-api.nab.com.au
/pts/v2/payments
Test:
POST
https://nabgateway-api-test.nab.com.au
/pts/v2/payments

Required Fields for Processing an Authorization with an SCA Exemption

Use these required fields for processing an authorization that includes an SCA exemption.
IMPORTANT
When relaxed requirements for address data and the expiration date are being used, not all fields in this list are required. It is your responsibility to determine whether your account is enabled to use this feature and which fields are required. For details about relaxed requirements, see Relaxed Requirements for Address Data and Expiration Date in Payment Transactions.
orderInformation.amountDetails.currency
orderInformation.amountDetails.totalAmount
orderInformation.billTo.address1
orderInformation.billTo.administrativeArea
orderInformation.billTo.country
orderInformation.billTo.email
orderInformation.billTo.firstName
orderInformation.billTo.lastName
orderInformation.billTo.locality
orderInformation.billTo.postalCode
paymentInformation.card.expirationMonth
paymentInformation.card.expirationYear
paymentInformation.card.number
paymentInformation.card.type

REST Example: Processing an Authorization with an SCA Exemption for Low-Value Transactions

Request
{
  "consumerAutenticationInformation" : {
  	"strongAuthentication" : {
  	  "lowValueExemptionIndicator" : "1"
  	}
  },
  "orderInformation" : {
    "billTo" : {
      "country" : "US",
      "lastName" : "Kim",
      "address1" : "201 S. Division St.",
      "postalCode" : "48104-2201",
      "locality" : "Ann Arbor",
      "administrativeArea" : "MI",
      "firstName" : "Kyong-Jin",
      "email" : ""
    },
    "amountDetails" : {
      "totalAmount" : "100.00",
      "currency" : "eur"
    }
  },
  "paymentInformation" : {
    "card" : {
      "expirationYear" : "2031",
      "number" : "4111111111111111",
      "expirationMonth" : "12"
    }
  }
}
Response to a Successful Request
{
    "_links": {
        "authReversal": {
            "method": "POST",
            "href": "/pts/v2/payments/6709780221406171803955/reversals"
        },
        "self": {
            "method": "GET",
            "href": "/pts/v2/payments/6709780221406171803955"
        },
        "capture": {
            "method": "POST",
            "href": "/pts/v2/payments/6709780221406171803955/captures"
        }
    },
    "clientReferenceInformation": {
        "code": "1670978022258"
    },
    "id": "6709780221406171803955",
    "orderInformation": {
        "amountDetails": {
            "authorizedAmount": "100.00",
            "currency": "eur"
        }
    },
    "paymentAccountInformation": {
        "card": {
            "type": "001"
        }
    },
    "paymentInformation": {
        "tokenizedCard": {
            "type": "001"
        },
        "card": {
            "type": "001"
        }
    },
    "pointOfSaleInformation": {
        "terminalId": "123456"
    },
    "processorInformation": {
        "approvalCode": "888888",
        "networkTransactionId": "123456789619999",
        "transactionId": "123456789619999",
        "responseCode": "100",
        "avs": {
            "code": "X",
            "codeRaw": "I1"
        }
    },
    "reconciliationId": "62859554PBDEMI43",
    "status": "AUTHORIZED",
    "submitTimeUtc": "2022-12-14T00:33:42Z"
}