Tabs
API

As we explain in our Exemptions to SCA article, you can flag an exemption in the authorization message without first performing Strong Customer Authentication (SCA) for certain low-risk scenarios. After assessing the request’s validity, the Issuer will either apply the exemption or request authentication.

Merchants should first consult with their Acquirer before managing their own exemption messaging. Merchants who want to utilize exemption flags in authorization should contact ecomsupport@globalpay.com.

info

Request syntax

The following table provides the request syntax for the Exemption Status field. An O in the Type column indicates that this field is optional.

Element/Field Category Format Type Length Description
Exemption Status string enum O N/A

The exemption being requested. Allowed values:

LOW_VALUE
TRANSACTION_RISK_ANALYSIS
SECURE_CORPORATE_PAYMENT
SCA_DELEGATION

 

Sample request

Here, we request an exemption for TRANSACTION_RISK_ANALYSIS in the authorization message.

For more information on exemptions in an authorization message, see Exemptions to SCA.

info
GatewayConfig config = new GatewayConfig();
config.setMerchantId("myMerchantId");
config.setAccountId("ecomeos");
config.setSharedSecret("secret");
config.setMethodNotificationUrl("https://www.example.com/methodNotificationUrl");
config.setChallengeNotificationUrl("https://www.example.com/challengeNotificationUrl");
config.setSecure3dVersion(Secure3dVersion.TWO);
config.setMerchantContactUrl("https://www.example.com");
 
ServicesContainer.configureService(config);
 
CreditCardData card = new CreditCardData();
card.setNumber("4263970000005262");
card.setExpMonth(12);
card.setExpYear(DateTime.now().getYear() + 1);
card.setCardHolderName("John Smith");
 
// shipping address
Address shippingAddress = new Address();
shippingAddress.setStreetAddress1("Apartment 852");
shippingAddress.setStreetAddress2("Complex 741");
shippingAddress.setStreetAddress3("no");
shippingAddress.setCity("Chicago");
shippingAddress.setPostalCode("5001");
shippingAddress.setState("IL");
shippingAddress.setCountryCode("840");
 
// billing address
Address billingAddress = new Address();
billingAddress.setStreetAddress1("Flat 456");
billingAddress.setStreetAddress2("House 789");
billingAddress.setStreetAddress3("no");
billingAddress.setCity("Halifax");
billingAddress.setPostalCode("W5 9HR");
billingAddress.setCountryCode("826");
 
// browser data
BrowserData browserData = new BrowserData();
browserData.setAcceptHeader("text/html,application/xhtml+xml,application/xml;q=9,image/webp,img/apng,*/*;q=0.8");
browserData.setColorDepth(ColorDepth.TwentyFourBit);
browserData.setIpAddress("123.123.123.123");
browserData.setJavaEnabled(true);
browserData.setLanguage("en");
browserData.setScreenHeight(1080);
browserData.setScreenWidth(1920);
browserData.setChallengeWindowSize(ChallengeWindowSize.Windowed_600x400);
browserData.setTimezone("0");
browserData.setUserAgent("Mozilla/5.0 (Windows NT 6.1; Win64, x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.110 Safari/537.36");
 
ThreeDSecure secureEcom =
       Secure3dService
               .checkEnrollment(card)
               .execute(Secure3dVersion.TWO);
 
assertNotNull(secureEcom);
assertNotNull(secureEcom.getServerTransactionId());
assertTrue(secureEcom.isEnrolled());
assertEquals(Secure3dVersion.TWO, secureEcom.getVersion());
 
// initiate authentication
ThreeDSecure initAuth =
       Secure3dService
               .initiateAuthentication(card, secureEcom)
               .withAmount(new BigDecimal(10.00))
               .withCurrency("EUR")
               .withOrderCreateDate(DateTime.now())
               .withAddress(billingAddress, AddressType.Billing)
               .withAddress(shippingAddress, AddressType.Shipping)
               .withBrowserData(browserData)
               .withMethodUrlCompletion(MethodUrlCompletion.No)
               .withEnableExemptionOptimization(true)
               .execute(Secure3dVersion.TWO);
 
assertNotNull(initAuth);
assertEquals("APPLY_EXEMPTION", initAuth.getExemptReason());
assertEquals(ExemptStatus.TransactionRiskAnalysis, initAuth.getExemptStatus());
 
// get authentication data
secureEcom =
       Secure3dService
               .getAuthenticationData()
               .withServerTransactionId(initAuth.getServerTransactionId())
               .execute(Secure3dVersion.TWO);
 
assertEquals(ExemptStatus.TransactionRiskAnalysis, secureEcom.getExemptStatus());
card.setThreeDSecure(secureEcom);
assertEquals("AUTHENTICATION_SUCCESSFUL", secureEcom.getStatus());
 
card
       .charge(new BigDecimal(10.00))
       .withCurrency("EUR")
       .execute();
$config = new GpEcomConfig();
        $config->merchantId = 'myMerchantId';
        $config->accountId = 'ecomeos';
        $config->sharedSecret = 'secret';
        $config->methodNotificationUrl = 'https://www.example.com/methodNotificationUrl';
        $config->challengeNotificationUrl = 'https://www.example.com/challengeNotificationUrl';
        $config->secure3dVersion = Secure3dVersion::TWO;
        $config->merchantContactUrl = 'https://www.example.com';
 
        ServicesContainer::configureService($config);
 
        $card = new CreditCardData();
        $card->number = 4263970000005262;
        $card->expMonth = 12;
        $card->expYear = intval(date('Y')) + 1;
        $card->cardHolderName = 'John Smith';
        $card->cvn = '123';
        $card->cvnPresenceIndicator = CvnPresenceIndicator::PRESENT;
 
        // shipping address
        $shippingAddress = new Address();
        $shippingAddress->streetAddress1 = 'Apartment 852';
        $shippingAddress->streetAddress2 = 'Complex 741';
        $shippingAddress->streetAddress3 = 'no';
        $shippingAddress->city = 'Chicago';
        $shippingAddress->postalCode = '5001';
        $shippingAddress->state = 'IL';
        $shippingAddress->countryCode = '840';
 
        // billing address
        $billingAddress = new Address();
        $billingAddress->streetAddress1 = 'Flat 456';
        $billingAddress->streetAddress2 = 'House 789';
        $billingAddress->streetAddress3 = 'no';
        $billingAddress->city = 'Halifax';
        $billingAddress->postalCode = 'W5 9HR';
        $billingAddress->countryCode = '826';
 
        // browser data
        $browserData = new BrowserData();
        $browserData->acceptHeader = 'text/html,application/xhtml+xml,application/xml;q=9,image/webp,img/apng,*/*;q=0.8';
        $browserData->colorDepth = ColorDepth::TWENTY_FOUR_BITS;
        $browserData->ipAddress = '123.123.123.123';
        $browserData->javaEnabled = true;
        $browserData->javaScriptEnabled = true;
        $browserData->language = 'en';
        $browserData->screenHeight = 1080;
        $browserData->screenWidth = 1920;
        $browserData->challengWindowSize = ChallengeWindowSize::WINDOWED_600X400;
        $browserData->timeZone = '0';
        $browserData->userAgent = 'Mozilla/5.0 (Windows NT 6.1; Win64, x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.110 Safari/537.36';
 
        $secureEcom = Secure3dService::checkEnrollment($card)
            ->execute('default', Secure3dVersion::TWO);
 
        $this->assertNotNull($secureEcom);
        $this->assertNotNull($secureEcom->serverTransactionId);
        $this->assertTrue($secureEcom->enrolled);
        $this->assertEquals(Secure3dVersion::TWO, $secureEcom->getVersion());
 
        // initiate authentication
        $initAuth = Secure3dService::initiateAuthentication($card, $secureEcom)
            ->withAmount(10.00)
            ->withCurrency('EUR')
            ->withOrderCreateDate(date('Y-m-d H:i:s'))
            ->withAddress($billingAddress, AddressType::BILLING)
            ->withAddress($shippingAddress, AddressType::SHIPPING)
            ->withBrowserData($browserData)
            ->withMethodUrlCompletion(MethodUrlCompletion::NO)
            ->withEnableExemptionOptimization(true)
            ->execute();
 
        $this->assertNotNull($initAuth);
        $this->assertEquals(ExemptionReason::APPLY_EXEMPTION, $initAuth->exemptReason);
        $this->assertEquals(ExemptStatus::TRANSACTION_RISK_ANALYSIS, $initAuth->exemptStatus);
 
        // get authentication data
        $secureEcom = Secure3dService::getAuthenticationData()
            ->withServerTransactionId($initAuth->serverTransactionId)
            ->execute();
        $this->assertEquals(ExemptStatus::TRANSACTION_RISK_ANALYSIS, $secureEcom->exemptStatus);
        $card->threeDSecure = $secureEcom;
        $this->assertEquals('AUTHENTICATION_SUCCESSFUL', $secureEcom->status);
 
        $card->charge(10.00)
            ->withCurrency('EUR')
            ->execute();
GatewayConfig config = new GpEcomConfig();
config.MerchantId = "myMerchantId";
config.AccountId = "ecomeos";
config.SharedSecret = "secret";
config.MethodNotificationUrl = "https://www.example.com/methodNotificationUrl";
config.ChallengeNotificationUrl = "https://www.example.com/challengeNotificationUrl";          
config.MerchantContactUrl = "https://www.example.com";
config.Secure3dVersion = Secure3dVersion.Two;
 
ServicesContainer.ConfigureService(config);
 
CreditCardData card = new CreditCardData();            
card.Number = "4263970000005262";
card.ExpMonth = 12;
card.ExpYear = DateTime.Now.Year + 1;
card.CardHolderName = "John Smith";
 
// Shipping address
Address shippingAddress = new Address();
shippingAddress.StreetAddress1 = "Apartment 852";
shippingAddress.StreetAddress2 = "Complex 741";
shippingAddress.StreetAddress3 = "no";
shippingAddress.City = "Chicago";
shippingAddress.PostalCode = "5001";
shippingAddress.State = "IL";
shippingAddress.CountryCode = "840";
 
// Billing address
Address billingAddress = new Address();
billingAddress.StreetAddress1 = "Flat 456";
billingAddress.StreetAddress2 = "House 789";
billingAddress.StreetAddress3 = "no";
billingAddress.City = "Halifax";
billingAddress.PostalCode = "W5 9HR";
billingAddress.CountryCode = "826";
 
// Browser data
BrowserData browserData = new BrowserData();            
browserData.AcceptHeader = "text/html,application/xhtml+xml,application/xml;q=9,image/webp,img/apng,*/*;q=0.8";
browserData.ColorDepth = ColorDepth.TWENTY_FOUR_BITS;
browserData.IpAddress = "123.123.123.123";
browserData.JavaEnabled = true;
browserData.Language = "en";
browserData.ScreenHeight = 1080;
browserData.ScreenWidth = 1920;
browserData.ChallengeWindowSize = ChallengeWindowSize.WINDOWED_600X400;
browserData.Timezone = "0";
browserData.UserAgent = "Mozilla/5.0 (Windows NT 6.1; Win64, x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.110 Safari/537.36";
 
 ThreeDSecure secureEcom = Secure3dService.CheckEnrollment(card)
                .Execute(Secure3dVersion.Two);
 
            Assert.IsNotNull(secureEcom);
            Assert.IsNotNull(secureEcom.ServerTransactionId);
            Assert.AreEqual("True", secureEcom.Enrolled);
 
            // initiate authentication
            ThreeDSecure initAuth =
                Secure3dService
                        .InitiateAuthentication(card, secureEcom)
                        .WithCurrency("EUR")
                        .WithAmount(10m)
                        .WithMethodUrlCompletion(MethodUrlCompletion.NO)
                        .WithOrderCreateDate(DateTime.Now)
                        .WithAddress(shippingAddress, AddressType.Shipping)
                        .WithAddress(billingAddress, AddressType.Billing)
                        .WithBrowserData(browserData)
                        .WithEnableExemptionOptimization(true)
                        .Execute(Secure3dVersion.Two);
 
            Assert.IsNotNull(initAuth);
            Assert.AreEqual("APPLY_EXEMPTION", initAuth.ExemptReason);
            Assert.AreEqual(ExemptStatus.TRANSACTION_RISK_ANALYSIS, initAuth.ExemptStatus);
            Assert.AreEqual("AUTHENTICATION_SUCCESSFUL", initAuth.Status);
 
            // get authentication data
            secureEcom = Secure3dService.GetAuthenticationData()
                .WithServerTransactionId(initAuth.ServerTransactionId)                
                .Execute(Secure3dVersion.Two);
 
            Assert.AreEqual(ExemptStatus.TRANSACTION_RISK_ANALYSIS, secureEcom.ExemptStatus);
            card.ThreeDSecure = secureEcom;
            Assert.AreEqual("AUTHENTICATION_SUCCESSFUL", secureEcom.Status);
 
            card.Charge(10m)
                .WithCurrency("EUR")
                .Execute();
<?xml version="1.0" encoding="UTF-8"?>
<request type="auth" timestamp="20180613104233">
  <merchantid>MerchantId</merchantid>
  <account>internet</account>
  <orderid>AWfoT2k9TzuA0wn8Ze_IIQ</orderid>
  <amount currency="EUR">1000</amount>
  <card>
    <number>4263970000005262</number>
    <expdate>0525</expdate>
    <chname>Philip Marlowe</chname>
    <type>VISA</type>
    <cvn>
      <number>123</number>
      <presind>1</presind>
    </cvn>
  </card>
  <autosettle flag="1"/>
  <mpi>
    <exempt_status>TRANSACTION_RISK_ANALYSIS</exempt_status>
  </mpi>
  <sha1hash>c87e5fa0858671510a02477d146ef744233e4ba8</sha1hash>
</request>

Soft decline (conditional)

If the Issuer does not approve the exemption request and requires authentication before the payment can be processed further, you’ll receive a response code of 111. This is known as a soft decline. When your application or website receives this code, it should proceed with the standard 3D Secure 2 authentication steps (see Authentication).

The following table provides the response syntax for the Result field.

Element/Field Category Format Code Description
Result string numeric 111 Soft decline. Indicates that a SCA exemption cannot be applied and that the transaction must proceed through 3D Secure 2 authentication.

Sample response

Here, the Issuer responds with a soft decline.

<response timestamp="20180731090859">
  <merchantid>MerchantId</merchantid>
  <account>internet</account>
  <orderid>N6qsk4kYRZihmPrTXWYS6g</orderid>
  <result>111</result>
  <cvnresult>U</cvnresult>
  <avspostcoderesponse>U</avspostcoderesponse>
  <avsaddressresponse>U</avsaddressresponse>
  <message>SCA Required</message>
  <pasref>14610544313177922</pasref>
  <timetaken>1</timetaken>
  <authtimetaken>0</authtimetaken>
  <cardissuer>
    <bank>AIB BANK</bank>
    <country>IRELAND</country>
    <countrycode>IE</countrycode>
    <region>EUR</region>
  </cardissuer>
  <sha1hash>8f4dfe7460ce91f78a144a2ed4f334617feaaab4</sha1hash>
</response>
Unavailable
Off
Internal Title
XML (Ecommerce Only)
Show Content Nav
On
Tags
Subtitle
Flag an exemption in an authorization message.