If your shop has the “Frictionless 3DS2” option , you have the possibility1 to request an exemption from the strong authentication principle. This concerns transactions of less than €30 and within the limit of either five (5) consecutive operations or a total amount of less than €100.
-
Low value transactions
In Europe, you can request an exemption from strong authentication, for transactions of less than €30, and within the limit of either 5 successive operations or a cumulative amount of less than €100.
If the amount is higher than €30, the value transmitted by the merchant is ignored and the choice of the preference is transferred to the card issuer (No Preference).
For payments made in a currency other than euro, a request for frictionless is transmitted to the issuer.
If the frictionless request is accepted, the merchant loses the payment guarantee.
-
Transactional Risk Analysis (Acquirer TRA)
If your store has the "TRA Acquirer 3DS2" option, you can ask the issuer for an exemption from strong authentication if the amount is below the threshold set by your financial institution.
If the frictionless request is accepted, the merchant loses the payment guarantee.
The “Acquirer 3DS2 TRA" activation option is subject to the prior agreement of your financial institution. -
Low Risk Merchant (LRM)
The LRM program is an exemption that allows merchants with CB contracts to be frictionless. Its aim is to meet the needs of very low-risk, high-volume merchants. It makes it possible to leverage the investments made in the fight against fraud, by optimizing the frictionless rate where regulations allow.
Until now, the LRM program has covered up to €100 for a systematic exemption of eligible beneficiaries. GIE CB has launched a trial of the €100 to €250 tranche.
The LRM program has no end date for payments between €0-100.
The benefit of the €100-250 program is being tested until September 30, 2024, according to CB.
You can configure this exemption rule using your payment form (field “vads_threeds_mpi” or “strongAthentication” depending on the API used).
Ultimately, your client’s bank (the “issuing bank”) that decides to grant an authentication exemption to its client.