Notice on new French regulations for internet payments outside of 3-D Secure.

For internet payments outside of 3-D Secure, the velocity limit is set at 100 euros since 14 October 2024.

This limit will be lowered to:

  • 10 euros from 10 April 2025 onwards;
  • 1,01 euros from 10 May 2025 onwards; from this date, internet payments outside 3-D Secure, which are strictly higher than 1 euro, will no longer be admitted. This rule does neither apply to CITs recognized by the issuer as strongly authenticated, (ii) nor to MITs associated to a valid chaining reference, (iii) nor to 0 euro information requests, and (iiii) nor to 0 euro pre-authorizations.
  • Merchants are invited to check the qualification of their authorization requests ≥1 euro, to make a difference between authorization requests and other use cases (card verification, balance inquiry, preauthorization etc.) because this limit could be lowered down to 0.01 euro form 1 January 2026

Data Elements 


KeyFormatCNDDescription
1

skipThreeDS

string

O

Indicates whether and under which conditions authentication should be skipped or performed as data share only (dataOnly). By default, all transactions and SCA exemptions will be requested through EMV 3DS if not specified otherwise.

Values accepted:

  • thisTransaction

  • outOfScope

  • dataOnly
2

threeDSExemption

object

O

Object detailing requested SCA exemptions

3

challengePreference

stringC

Indicates the merchant's challenge preference for this transaction during 3DS authentication. Mandatory only after a Soft Decline to re-trigger the transaction with 3DS and challenge mandated. Default value noPreference.

Values accepted:

  • noPreference
  • noChallenge
  • requestChallenge
  • mandateChallenge

Note: This parameter is ignored when SCA Exemption requested (threeDSExemption parameter is present).


threeDSExemption 


KeyFormatCNDDescription
1

exemptionReason

string

M

Designates the type of SCA exemption (e.g. Acquirer TRA or MIT) to be applied.

Values accepted:

  • transactionRiskAnalysis

  • delegatedAuthority

  • lowValue
  • trustedBeneficiary
  • secureCorporatePayment

Note: Acquirer exemptions and other exemptions may be also requested through an authorization without authentication (i.e. EMV 3DS or EMV 3DS Data Only) depending on scheme specific rules.

Note: The exemption trustedBeneficiary is only valid for VISA.

2

merchantFraudRate

integer

O

Merchant fraud rate in bps taking into account all Merchant sites and card volumes, calculated as per PSD2 RTS Article 19.

The merchant fraud rate is optional and has to be calculated by the Acquirer.

The submission of this data point might be beneficial to increase the level of confidence of the ACS/issuer into the ongoing transaction. Also, Issuers may use it to decide if a merchant should be eligible for the white listing exemption.


Schema

(info) BASEURL= https://www.computop-paygate.com/schemas

{
	"$schema": "http://json-schema.org/draft-07/schema#",
	"$id": "BASEURL/threeDSPolicy.json",
	"title": "threeDSPolicy",
	"description": "3DS Policy",
	"type": "object",
	"properties": {
		"skipThreeDS": {
			"type": "string",
			"enum": ["thisTransaction", "outOfScope", "dataOnly"] 
		},
		"threeDSExemption": {
			"type": "object",
			"properties": {
				"exemptionReason": {
					"type": "string",
					"enum": ["transactionRiskAnalysis", "delegatedAuthority", "lowValue", "trustedBeneficiary", "secureCorporatePayment"]
				},
				"merchantFraudRate": {
					"type": "integer",
					"minimum": 1,
					"maximum": 99
				}
			},
			"required": ["exemptionReason"],
			"additionalProperties": false
		},
		"challengePreference": {
			"type": "string",
			"enum": ["noPreference", "noChallenge", "requestChallenge", "mandateChallenge"] 
		},
	},
	"additionalProperties": false
}

Sample - SCA exemption request

{
	"skipThreeDS": "thisTransaction",
	"threeDSExemption": {
		"exemptionReason": "transactionRiskAnalysis",
		"merchantFraudRate": 4
	}
}

Sample - re-trigger after Soft Decline

{
	"challengePreference": "mandateChallenge"
}