← Blog

3DS2 Exemption Strategy for European Checkouts: A Complete Guide

Published May 17, 2026 · Generated by Bylined

If you accept card payments from European customers, 3D Secure 2 has likely reshaped your checkout experience. Strong Customer Authentication requirements can add friction at the moment customers convert, driving cart abandonment and lost revenue. Yet beneath these compliance mandates lies a strategic opportunity: the right exemption strategy can keep your checkout seamless while maintaining full regulatory compliance.

New rules for Strong Customer Authentication came into effect in most European countries during 20211, fundamentally changing how merchants handle online transactions. Understanding which exemptions apply to your business, how to request them correctly, and when liability shifts occur can mean the difference between a frictionless checkout and one that hemorrhages conversions. This guide breaks down every exemption type available for European merchants and how to implement them effectively.

Understanding 3DS2 and SCA in the European Context

Strong Customer Authentication regulations, introduced in January 2021 across the EU and enforced in the UK by March 2022, aim to secure online transactions. The scope of these rules is precise: SCA applies when both the payment processor and the customer are within the EEA or UK2, and the transaction is considered out of scope if either party is outside these regions3. For merchants processing cross-border payments, this geographic distinction determines which authentication requirements apply.

Since 31 December 2020, all electronic transactions processed in the European Economic Area have been subject to SCA4, with the UK setting its own enforcement date of 14 March 20225. Major payment schemes have responded by requiring issuers and acquirers to support the enhanced standard for securing online payments, specifically EMV 3DS 2.2, since October 2022. This means merchants must ensure their payment infrastructure supports the latest authentication protocols to remain competitive and compliant.

The Four Primary Exemption Categories

Not every transaction requires full authentication. European regulations provide several exemption categories that, when properly applied, allow merchants to process payments without triggering additional security steps. Each exemption serves different transaction profiles and carries distinct liability implications.

The low-value payment exemption applies to transactions under €30, where merchants can request exemption from authentication requirements. These small-ticket transactions represent a manageable fraud risk relative to the friction that authentication would introduce. However, the issuing bank monitors these transactions, and after five transactions or a cumulative amount exceeding €100, an SCA verification will be triggered6.

According to Visa Europe, it's estimated that about 40-50% of e-commerce transactions by volume could be exempt from SCA if certain criteria are met7. This represents a substantial opportunity for merchants to reduce checkout friction across their transaction mix. The key is understanding which exemption category fits each transaction and ensuring your payment provider can intelligently route requests.

Transaction Risk Analysis: Your Most Powerful Exemption

Transaction Risk Analysis represents the most flexible exemption available to European merchants. The TRA exemption is only available for EMV 3DS, specifically Visa Secure v2.2 and Mastercard Identity Check v2.1 extension or v2.28. Under this framework, merchants with historically low fraud rates can request exemption for transactions up to €100, €250, or even €500 or the sterling equivalent9, depending on their fraud performance history.

The exemption thresholds correlate directly with fraud rates. For transactions between €0 and €100, acquirers must maintain a fraud rate below 0.13% to qualify for exemption. If the acquirer's fraud rate is higher than 0.13%, or if the transaction totals more than €500, SCA will be enforced10. MultiSafepay can process TRA exemptions up to €500, allowing you to process more transactions without 3DS verification11.

Online fraud is on the rise in Europe, with over 73% of fraud resulting from online transactions12, making TRA a critical tool for merchants who have invested in fraud prevention. The exemption rewards these investments by allowing smoother customer experiences for legitimate transactions.

Delegated Authentication: Shifting Liability to Your PSP

Beyond TRA and low-value exemptions, merchants can implement delegated authentication through their payment service provider. When exemptions are granted, payment service providers can process transactions without SCA13, effectively taking on the authentication decision and associated liability. When a transaction is authenticated through 3DS, liability for fraud generally shifts from the merchant to the card-issuing bank14.

However, the liability shift mechanics deserve careful attention. This means merchants cannot unilaterally claim exemption; the issuer must agree. Understanding this dynamic helps merchants set accurate expectations about their actual liability exposure under each scenario.

Real-World Exemption Strategy Examples

The right exemption approach depends heavily on your business model and average transaction value. Company X, which specializes in gift cards with an average order value of €2015, sits squarely within the low-value exemption threshold. For this merchant, every transaction naturally qualifies for the under-€30 exemption, assuming no cumulative threshold triggers. Company Y, a retailer of high-end scented candles and diffusers, has an AOV of €15016, placing most transactions above both the low-value and TRA thresholds for smaller merchants. This merchant would need to rely primarily on TRA exemptions based on fraud rate performance or delegated authentication through their PSP.

Subscription businesses benefit from a different exemption dynamic. A fitness center charging a member's card $60 monthly after an initial sign-up only needs SCA once on the initial transaction17. Subsequent recurring charges can leverage the trusted beneficiary exemption, eliminating friction for returning customers while maintaining compliance on initial enrollment.

High-value B2B payments represent another strategic use case. A tech startup paying its $3,000 cloud hosting bill via a card payment can avoid authentication hurdles, ensuring timely service without interruptions18. For transactions at this scale, the TRA exemption provides the most reliable path to frictionless processing, assuming the merchant's fraud rates support the qualification threshold.

Measuring the Business Impact

The numbers tell a compelling story. 3DS friction reportedly causes an average of 25% declines, with higher rates in countries such as France and Italy, of which 15-30% are the result of cart abandonment19. With some issuers, the approval ratio for 3DS transactions may be up to 20% lower20, meaning authentication challenges directly reduce successful transaction rates. Implementing a thoughtful exemption strategy potentially reduces cart abandonment rates by up to 15%21.

Real-world results validate these projections. FixPart noticed an increase of almost 10% in their credit card success rate22 after optimizing their exemption strategy. For high-volume merchants, even single-digit percentage improvements translate to substantial revenue recovery.

Technical Implementation: Data Is Everything

It's now possible for merchants to pass more than 100 data elements to card issuers for more intelligent risk scoring23. Passive sharing of more than 100 data points, 10x the current volume, for each transaction enables issuers to perform better risk analysis24.

This data explosion works in merchants' favor when seeking exemptions. More data points give issuers greater confidence in risk assessments, making them more likely to approve exemption requests. Merchants should ensure their payment integration sends comprehensive transaction data—device information, account history, shipping details, and behavioral signals—to maximize exemption approval rates.

Soft declines account for 80-90% of all declines25, meaning most declined transactions aren't fraud rejections but rather authentication failures that could be resolved through better exemption routing. Understanding this distinction helps merchants focus optimization efforts on the transactions that matter most.

Building Your Exemption Strategy

The most effective exemption strategies layer multiple approaches based on transaction characteristics. Start by mapping your transaction distribution against exemption thresholds. If most of your orders fall below €30, prioritize low-value exemption requests. If your AOV sits between €100 and €500, invest in TRA qualification. For mixed portfolios, implement dynamic routing that selects the optimal exemption path for each transaction in real-time.

Work with your payment service provider to ensure they support the latest protocol versions. The TRA exemption requires Visa Secure v2.2 and Mastercard Identity Check v2.1 extension or v2.2. Outdated implementations may not qualify for exemptions you're entitled to claim.

Finally, monitor your exemption approval rates and fraud metrics continuously. The TRA thresholds depend on your acquirer's fraud performance, which can fluctuate. Regular performance reviews help you identify when to adjust exemption strategies or invest in additional fraud prevention to maintain qualification thresholds.

Conclusion

European 3DS2 compliance doesn't have to mean checkout friction. By understanding the full landscape of exemption options—low-value thresholds, TRA qualification, and delegated authentication—merchants can build strategies that satisfy regulatory requirements while preserving smooth customer experiences. The merchants who master these exemptions will capture conversions that competitors lose to authentication friction.

Start by auditing your current transaction mix, identifying which exemption categories apply to your business model, and working with your payment provider to implement intelligent routing. The investment in exemption optimization typically pays for itself within weeks through recovered abandoned carts and improved approval rates.

Sources

  1. “New rules for Strong Customer Authentication (SCA) came into effect in most European countries during 2021.” — https://www.checkout.com/blog/the-evolution-of-the-3d-secure  ·  archive
  2. “SCA only applies when both the payment processor and the customer are within the EEA or UK.” — https://primer.io/blog/sca-exemptions-guide  ·  archive
  3. “The transaction is considered out of scope if either party is outside these regions.” — https://primer.io/blog/sca-exemptions-guide  ·  archive
  4. “Since 31 December 2020, all electronic transactions processed in the European Economic Area (EEA) have been subject to SCA” — https://www.checkout.com/blog/the-evolution-of-the-3d-secure  ·  archive
  5. “The UK has an SCA enforcement date of 14 March 2022” — https://www.checkout.com/blog/the-evolution-of-the-3d-secure  ·  archive
  6. “The issuing bank will monitor these transactions and after five transactions, or a cumulative amount of € 100, an SCA verification will be triggered.” — https://www.multisafepay.com/blog/everything-you-need-to-know-about-3ds-22-exemptions-liability-shift  ·  archive
  7. “According to Visa Europe, it's estimated that about 40-50% of E-commerce transactions by volume could be exempt from SCA if certain criteria are met.” — https://www.checkout.com/blog/tra-exemptions-explained  ·  archive
  8. “The TRA exemption is only available for EMV 3DS, specifically Visa Secure v2.2 and Mastercard Identity Check v2.1 extension or v2.2.” — https://www.checkout.com/blog/tra-exemptions-explained  ·  archive
  9. “This exemption can apply to transactions up to €100, €250, or even €500 or the sterling equivalent” — https://primer.io/blog/sca-exemptions-guide  ·  archive
  10. “If the acquirer's fraud rate is higher than 0.13%, or if the transaction totals more than €500, SCA will be enforced” — https://www.checkout.com/blog/tra-exemptions-explained  ·  archive
  11. “MultiSafepay can process TRA exemptions up to € 500, allowing you to process more transactions without 3DS verification.” — https://www.multisafepay.com/blog/everything-you-need-to-know-about-3ds-22-exemptions-liability-shift  ·  archive
  12. “Online fraud is on the rise in Europe, with over 73% of fraud resulting from online transactions” — https://www.checkout.com/blog/tra-exemptions-explained  ·  archive
  13. “When exemptions are granted, payment service providers (PSP's) can process transactions without SCA” — https://www.forter.com/blog/preparing-for-psd2-exemptions/  ·  archive
  14. “When a transaction is authenticated through 3DS, liability for fraud generally shifts from the merchant to the card-issuing bank.” — https://primer.io/blog/sca-exemptions-guide  ·  archive
  15. “Company X, which specializes in gift cards with an average order value (AOV) of €20” — https://primer.io/blog/sca-exemptions-guide  ·  archive
  16. “Company Y, a retailer of high-end scented candles and diffusers, has an AOV of €150” — https://primer.io/blog/sca-exemptions-guide  ·  archive
  17. “A fitness center charging a member's card $60 monthly after an initial sign-up only needs SCA once on the initial transaction.” — https://celerispay.com/3ds-exemptions-explained/  ·  archive
  18. “A tech startup paying its $3,000 cloud hosting bill via a card payment can avoid authentication hurdles, ensuring timely service without interruptions.” — https://celerispay.com/3ds-exemptions-explained/  ·  archive
  19. “3DS friction reportedly causing an average of 25% declines – more in countries such as France and Italy, of which 15-30% are the result of cart abandonment” — https://www.forter.com/blog/preparing-for-psd2-exemptions/  ·  archive
  20. “With some issuers, the approval ratio for 3DS transactions may be up to 20% lower” — https://www.forter.com/blog/preparing-for-psd2-exemptions/  ·  archive
  21. “potentially reduces cart abandonment rates by up to 15%” — https://celerispay.com/3ds-exemptions-explained/  ·  archive
  22. “FixPart noticed an increase of almost 10% in their credit card success rate.” — https://www.multisafepay.com/blog/everything-you-need-to-know-about-3ds-22-exemptions-liability-shift  ·  archive
  23. “It's now possible for merchants to pass more than 100 data elements to card issuers for more intelligent risk scoring.” — https://www.checkout.com/blog/the-evolution-of-the-3d-secure  ·  archive
  24. “Passive sharing of more than 100 data points (10x the current volume) for each transaction enables issuers to perform better risk analysis” — https://www.paysafe.com/en/blog/why-online-merchants-must-implement-3ds2-now/  ·  archive
  25. “Soft declines account for 80-90% of all declines.” — https://www.checkout.com/blog/the-evolution-of-the-3d-secure  ·  archive
See your own AI visibility

Bylined runs the same audit you saw at the top of the homepage, then writes the article that fixes the gap.

Try it free