Welcome to Woohoo Pay

Are any transactions exempt from SCA?

For transactions that are in the scope of PSD2, a merchant can request that the SCA requirement be ‘exempted’ in certain scenarios. The issuer decides if the exemption is granted or not.

Below are the exemptions that negate the need for SCA on certain transaction
types, but conditions do apply:

Low Value Transactions
Remote transactions less than €30 do not require SCA if the below velocity limits are met:

  • The cumulative limit of consecutive transactions without the application of SCA must not exceed €100; or
  • The number of consecutive transactions since the last application of SCA must not exceed five.

The Merchant can request this exemption or it may be automatically applied by the Issuer.


Transaction Risk Analysis
If the Merchant’s Payment Service Provider (PSP), such as the Acquirer, meets prescribed risk analysis conditions then the Merchant can request that this be used to exempt them from SCA.

The Merchant can request this if agreed by the PSP.

Trusted Beneficiaries
The consumer may add a trusted Merchant to a list of trusted beneficiaries held by their Issuer, completing an SCA challenge in the process, to prevent further SCA application on subsequent transactions with the trusted Merchant.

The Merchant can request this exemption to allow this trust to be taken into consideration.

Secure Corporate Transactions

Transactions initiated by a business rather than a Consumer and processed through a secured dedicated payment protocol can be exempt from SCA provided alternative controls are sufficiently secure.

The Merchant can request this exemption to indicate a secure transaction.


Delegated Authentication 

If a Merchant already requires the Consumer to perform sufficient authentication on their website, such as secure account login.

The Merchant can use this exemption to request that further SCA is not required.


Merchant Initiated Transactions (MIT), Continuous Authority (CA) and Mail Order/Telephone Order (MOTO) transactions are automatically exempt from SCA.

Exemptions are defined by PSD2’s Regulatory Technical Standards (RTS) and are always at the discretion of banks and/or Acquirers. Please note that not all Acquirers currently support all exemptions and the Gateway will not process any unsupported exemptions requested.