Expressing a choice or disabling authentication
In 3DS2, the merchant can express a choice.
Under PSD2, it is no longer possible to disable authentication in 3DS2.
However, the merchant can express their choice regarding cardholder authentication.
This is called “merchant preference”.
- Request strong authentication, with cardholder interaction (challenge);
- Request authentication without interaction (frictionless), requires the “Frictionless 3DS2” option;
- Not choose anything and let the issuer decide (no preference).
By default, “no preference” is applied.
- either via the payment request;
- or via a payment module (PrestaShop, Magento, etc.);
- or via the Merchant Back Office if the merchant is authorized to access the advanced risk module.
Frictionless request
Merchants having opted for an offer including the “Frictionless 3DS2” option can request an exemption from strong authentication in the payment request.
- to express a preference when it comes to the authentication mode;
- to request a payment without cardholder interaction (frictionless).
The buyer does not have to authenticate if the request is accepted by the issuer, but the merchant assumes the responsibility in case of chargeback (no liability shift to the issuer).
In Europe, the merchant can request an exemption from strong authentication for low value transactions in euro (< €30).
All transactions > €30 are not systematically submitted to strong authentication. There are other exemptions, such as the application of an Acquirer TRA or of a trusted beneficiary.
For payments made in a currency other than euro, a frictionless authentication request is sent to the issuer regardless of the amount, if the merchant requests it and if they have the “Frictionless 3DS2” option.
- Low value transactions
In Europe, you can request an exemption from strong authentication, for transactions of less than €30, and within the limit of either 5 successive operations or a cumulative amount of less than €100.
If the amount is higher than €30, the value transmitted by the merchant is ignored and the choice of the preference is transferred to the card issuer (No Preference).
For payments made in a currency other than euro, a request for frictionless is transmitted to the issuer.
If the frictionless request is accepted, the transaction does not benefit from liability shift dispute by the cardholder..
- Transactional Risk Analysis (Acquirer TRA)
If your store has the "TRA Acquirer 3DS2" option, you can ask the issuer for an exemption from strong authentication if the amount is below the threshold set by your financial institution.
If the frictionless request is accepted, the transaction does not benefit from liability shift dispute by the cardholder..
The “Acquirer 3DS2 TRA" activation option is subject to the prior agreement of your financial institution. - Low Risk Merchant (LRM)
The LRM program is an exemption that allows merchants with CB contracts to be frictionless. Its aim is to meet the needs of very low-risk, high-volume merchants. It makes it possible to leverage the investments made in the fight against fraud, by optimizing the frictionless rate where regulations allow.
Until now, the LRM program has covered up to €100 for a systematic exemption of eligible beneficiaries. GIE CB has launched a trial of the €100 to €250 tranche.
The LRM program has no end date for payments between €0-100.
The benefit of the €100-250 program is being tested until September 30, 2024, according to CB.
The gateway automatically determines the exemption motive to send to the issuer based on your shop’s options and the amount of the transaction.