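# AI told EU fintechs they could bypass Strong Customer Authentication (SCA) for low-value payments under €30, ignoring that the 'transaction risk analysis' exemption requires dynamic linking and issuer approval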

- **ID:** `banking/eu-psd2-scp-strong-customer-authentication`
- **Domain:** banking
- **Category:** regulatory_compliance
- **Error code:** `EBA-SCA-002`
- **Verification level:** ai_generated
- **Fix rate:** 80%

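## Root cause

Under PSD2 and the EBA guidelines, the low-value exemption (below €30) applies only when the payment method uses dynamic linking (for example, tokenization) and the issuer explicitly approves the exemption; many fintechs wrongly assume it is automatic, which leads to non-compliance and chargeback risk.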

## Version compatibility

| Version | Status | Introduced | Deprecated |
|------|------|------|------|
| PSD2 Directive (EU) 2015/2366 | active | — | — |
| EBA Guidelines on SCA (EBA/GL/2021/04) | active | — | — |
| 3D Secure 2.3.1 | active | — | — |

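## Solutions

1. Implement transaction risk analysis (TRA) with dynamic linking: use a tokenization system (for example, Visa/Mastercard network tokens) and send the exemption request through the 3D Secure 2.x protocol, ensuring the issuer approves each low-value transaction.
2. For recurring low-value payments, use the 'merchant-initiated transaction' (MIT) model: the first payment requires SCA, but subsequent payments can be exempted if the merchant holds a valid mandate and the issuer agrees.
3. If the fintech cannot meet the dynamic linking requirement, apply SCA to all payments regardless of value to ensure full compliance with PSD2.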
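
The three steps above can be expressed as one fail-closed decision function. This is an added example, not code from a payment gateway or from the original record; the `Payment` model, its field names and the `Action` values are hypothetical, and the rules encoded are only the ones stated on this page.

```python
from dataclasses import dataclass
from decimal import Decimal
from enum import Enum
from typing import Optional

LOW_VALUE_LIMIT_EUR = Decimal("30")  # threshold as stated on this page


class Action(Enum):
    APPLY_SCA = "apply_sca"
    ASK_ISSUER = "send_exemption_request_to_issuer"
    PROCEED_EXEMPT = "proceed_without_sca"


@dataclass(frozen=True)
class Payment:  # hypothetical model, not a real gateway schema
    amount_eur: Decimal
    dynamically_linked: bool             # e.g. network token, not a static card-on-file token
    merchant_initiated: bool = False     # MIT: a recurring payment after the first one
    first_payment_had_sca: bool = False
    mandate_valid: bool = False
    issuer_approved: Optional[bool] = None  # None means the issuer has not answered yet


def decide(p: Payment) -> Action:
    """Fail closed: any missing or unmet condition ends in SCA."""
    if p.merchant_initiated:
        # Step 2: first payment authenticated and the mandate is still valid.
        eligible = p.first_payment_had_sca and p.mandate_valid
    else:
        # Step 1: below the limit AND dynamically linked; amount alone is not enough.
        eligible = p.amount_eur < LOW_VALUE_LIMIT_EUR and p.dynamically_linked
    if not eligible:
        return Action.APPLY_SCA          # Step 3: no exemption path, authenticate
    if p.issuer_approved is None:
        return Action.ASK_ISSUER         # the exemption is requested, never assumed
    # An issuer refusal falls back to SCA instead of retrying without it.
    return Action.PROCEED_EXEMPT if p.issuer_approved else Action.APPLY_SCA
```
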

## Ineffective attempts

- **Telling the fintech to implement SCA only for payments above €30 and ignore the exemption rules** — The exemption is not automatic; the payment service provider must perform a transaction risk analysis (TRA) and obtain issuer approval, or the payment may be rejected or flagged as non-compliant. (90% failure rate)
- **Advising the fintech to use static card-on-file tokens without dynamic linking** — Static tokens do not meet the dynamic linking requirement under SCA exemptions; the issuer will likely decline the exemption request. (85% failure rate)
- **Suggesting the fintech disable SCA entirely for recurring payments** — Recurring payments have their own SCA rules (first payment requires SCA, subsequent ones may be exempted only with specific conditions); blanket disabling violates PSD2. (92% failure rate)
