When a customer makes remote (i.e. All conditions must be met for online transactions:
The transaction is not more than EUR30
Since the last time SCA was applied, the customer has made at least EUR100 via remote transactions.
Since the last application of SCA, the customer has completed five or fewer remote transactions consecutively
Transaction Risk Analysis (Article 18)
SCA is not required for certain transactions that are low-risk.
This exemption is powerful and requires that Payment Services Providers have a strong record of fraud prevention.
The Payment Service Provider must demonstrate that there is a low rate of fraud overall before it can apply for the exemption. This applies to both general fraud and specific transactions.
To establish this, the Payment Services Provider will need to conduct a real-time analysis of risk.
The customer has not made unusual purchases or displayed unusual behavior.
There is no evidence that the customer has used an unusual device or accessed any app.
