On this page
No Headings
Last updated: May 27, 2026
Merchants operating in the European Economic Area (EEA) are mandated to support Strong Customer Authentication (SCA) on ecommerce transactions to meet the Payments Service Directive 2/Regulatory Technical Standards (PSD2/RTS) regulations.
The new rules stipulate that Strong Customer Authentication (SCA) be performed on all transactions, with a limited set of exceptions.
Merchants may request an exemption prior to the authorization using 3D Secure. When requested, the same exemption must be provided in the authorization. Issuers may use SCA exemption indicators to help decide whether or not to approve an authorization request. Issuers may still decline indicating that additional cardholder authentication is required.
Exemption reason descriptions:
Payflow currently supports SCA Exemptions for the following processors:
After you've integrated with an 3D Secure MPI, you can use SCA exemptions to exempt future transactions from having to do additional 3D Secure calls by passing the required parameters outlined in this documentation. For example, customer orders a product online where you validate with 3D Secure and then they set up a monthly renewal where you bill them using a merchant initiated (MIT) or recurring (RP) exemption.
Note: SCAEXEMPTION should be used in conjunction with 3D Secure and Card on File (CoF).
Important: For American Express you must use SCAEXEMPTION with CARDONFILE. If both parameters are not passed in your request the exemption will not be sent.
| Field | Description | Data type/max length | Processor support |
|---|---|---|---|
SCAEXEMPTION | Value to flag exemption status. Only one of the following values can be sent: TM, SCP, TRA, LVP, MIT, RP, SD, TMSee descriptions above. | alphanumeric, 3 | All |
CITDATE | MasterCard only Merchant initiated (MIT) and recurring (RP) transactions must contain the original settlement date which is received from the initial Cardholder Initiated (CITI) transaction response.Format: MMDD | alphanumeric, 4 | FISERV North |
VMAID | Visa only Visa Merchant Authentication ID assigned by Visa EU.If SCAEXEMPTION value is either TM or SD then VMAID is required. | alphanumeric, 8 | FISERV North |
Note: Set VERBOSITY to HIGH to make sure you receive all the data returned in the response.
VENDOR=MerchantUserID&PARTNER=PayPal&USER=UserIDIfAvailOrSameAsVendor&PWD=Pwd4Payflow&TRXTYPE=S&TENDER=C&ACCT=4500XXXXXXXX0061&EXPDATE=1225&AMT=111.27&CAVV[28]=AAABBhBxKAAAAAAAAAAAAAAAAAA=&BILLTOSTREET=12115 LACKLAND&BILLTOZIP=63146&ECI=5&SCAEXEMPTION=SD&VMAID=12345678&THREEDSVERSION=2.0&VERBOSITY=HIGH