Judopay Documentation

What is Strong Customer Authentication?

The Payment Services Directive (PSD2), has introduced a new regulatory requirement: Strong Customer Authentication (SCA). The aim of the SCA is to add an increased layer of security for card not present transactions, when making mobile and online payments.

To authenticate the transaction, merchants can verify the consumer's identity with the Issuer. To be compliant with SCA, 3D Secure 2 transactions have additional authentication and transaction information within the payment flow.

This new version of 3D Secure, offers a better user experience and helps to minimise some of the friction the authentication adds to the checkout flow.

SCA requires authentication to use at least two of the following three aspects:

  • Something the consumer knows.

    For example, password or PIN.

  • Something the consumer has

    For example, phone or hardware token.

  • Something the consumer is.

    For example, fingerprint or face recognition.

Exemptions to Strong Customer Authentication

Merchants can request specific customer initiated transactions be exempt from Strong Customer Authentication (EMV 3D Secure). 

This has the benefit of reducing friction for your customers and related checkout dropouts.


Judopay will not currently automatically apply for transaction exemptions on behalf of the merchant.

Available Exemptions:

  • Low-Value Transactions:

    • Transactions up to €45 do not require SCA, up to a maximum of five consecutive transactions, or a cumulative limit of €100.


    The consecutive transactions and cumulative limit are made up of all transactions against the card and not the merchant. When the limit is reached, the Issuer will request the consumer to be challenged, before authorising the transaction.

  • Low-Risk Transactions:

    • The Transaction Risk Analysis (TRA) exemption flag allows for certain remote transactions to be exempt from SCA, provided a robust risk analysis is performed.

  • Trusted Beneficiaries (Whitelisting):

    • This exemption flag gives the cardholder the option to add the merchant to their trusted list.

  • Secure Corporate Payments:

    • Request exemption for payments made using a corporate card.

Exemption Flags

Exemption flags provide you with the option to request the Issuer, to not challenge their customer at the time of the transaction.

Judopay has introduced the following exemption flags for you to add per transaction:

  • ChallengeRequestIndicator

    Indicates the type of challenge request.

  • ScaExemption

    The customer initiated transaction type, that is exempt from SCA.


This is subject to the Issuer’s decision; they do not have to honour this request and can reject authentication with a soft decline.

A soft decline is where the Issuer rejects the exemption and requests the customer be challenged for 3D Secure. For more information, see Overview of the Integration via API.

For more information, see API Reference /Payments.