{
  "id": "banking/psd2-sca-low-value-exemption",
  "signature": "AI tells an EU fintech that they can bypass Strong Customer Authentication (SCA) for low-value payments under €30, ignoring the cumulative transaction limit of €100 per day or 5 consecutive transactions",
  "signature_zh": "AI告诉欧盟金融科技公司他们可以绕过30欧元以下低价值支付的强客户认证，却忽略了每日累计交易限额100欧元或连续5笔交易",
  "regex": "SCA.*(?:exemption|low.value|€30).*(?:cumulative|cap|limit|5)",
  "domain": "banking",
  "category": "auth_error",
  "subcategory": null,
  "root_cause": "Under PSD2 Regulatory Technical Standards (RTS) Article 11, the low-value contactless payment exemption (€30) is subject to a cumulative cap: once the total of consecutive exempted transactions reaches €100 or 5 transactions, SCA is mandatory for the next transaction; the exemption resets only after the next SCA-authenticated transaction",
  "root_cause_type": "generic",
  "root_cause_zh": "根据PSD2监管技术标准第11条，低价值非接触式支付豁免（30欧元）受累计上限约束：一旦连续豁免交易总额达到100欧元或5笔交易，下一次交易必须进行SCA认证；豁免仅在下次SCA认证交易后重置",
  "versions": [
    {
      "version": "PSD2 RTS (EU) 2018/389",
      "introduced": null,
      "deprecated": null,
      "removed": null,
      "behavior_change": null,
      "status": "active"
    },
    {
      "version": "EBA SCA Guidelines v2.2 (2024)",
      "introduced": null,
      "deprecated": null,
      "removed": null,
      "behavior_change": null,
      "status": "active"
    }
  ],
  "os_specific": {},
  "dead_ends": [
    {
      "action": "",
      "why_fails": "Zero-value authorizations are not considered 'SCA-authenticated transactions' under Article 11; the counter only resets after a full SCA challenge (e.g., OTP or biometric)",
      "fail_rate": 0.9,
      "condition": "",
      "sources": []
    },
    {
      "action": "",
      "why_fails": "TRA exemption requires a fraud rate below 0.01% and is only available for payments above €30; it cannot be used for low-value payments that fail the cumulative cap",
      "fail_rate": 0.85,
      "condition": "",
      "sources": []
    },
    {
      "action": "",
      "why_fails": "PISPs are still subject to PSD2 RTS; they must apply SCA for the first payment and can only use exemptions for subsequent payments if the cumulative cap is respected",
      "fail_rate": 0.95,
      "condition": "",
      "sources": []
    }
  ],
  "workarounds": [
    {
      "action": "Track the cumulative count and amount server-side; after 4 consecutive exempted transactions or €95 cumulative, force SCA on the next payment by setting the 'scaExemption' field to 'none' in the payment initiation request",
      "success_rate": 0.95,
      "how": "Track the cumulative count and amount server-side; after 4 consecutive exempted transactions or €95 cumulative, force SCA on the next payment by setting the 'scaExemption' field to 'none' in the payment initiation request",
      "condition": "",
      "sources": []
    },
    {
      "action": "Use a 'delayed SCA' pattern: request SCA after the 5th low-value payment in a batch, using a single OTP for all 5, but this requires the issuer to support batch SCA (rare)",
      "success_rate": 0.4,
      "how": "Use a 'delayed SCA' pattern: request SCA after the 5th low-value payment in a batch, using a single OTP for all 5, but this requires the issuer to support batch SCA (rare)",
      "condition": "",
      "sources": []
    },
    {
      "action": "Implement a 'wallet top-up' model: the user pre-loads €150 via a single SCA-authenticated transaction, then spends in low-value increments without further SCA; the wallet balance acts as the cumulative cap",
      "success_rate": 0.8,
      "how": "Implement a 'wallet top-up' model: the user pre-loads €150 via a single SCA-authenticated transaction, then spends in low-value increments without further SCA; the wallet balance acts as the cumulative cap",
      "condition": "",
      "sources": []
    }
  ],
  "workarounds_zh": [
    "Track the cumulative count and amount server-side; after 4 consecutive exempted transactions or €95 cumulative, force SCA on the next payment by setting the 'scaExemption' field to 'none' in the payment initiation request",
    "Use a 'delayed SCA' pattern: request SCA after the 5th low-value payment in a batch, using a single OTP for all 5, but this requires the issuer to support batch SCA (rare)",
    "Implement a 'wallet top-up' model: the user pre-loads €150 via a single SCA-authenticated transaction, then spends in low-value increments without further SCA; the wallet balance acts as the cumulative cap"
  ],
  "transition_graph": {
    "leads_to": [],
    "preceded_by": [],
    "frequently_confused_with": []
  },
  "official_doc_url": "https://eba.europa.eu/regulation-and-policy/consumer-protection-and-financial-innovation/regulatory-technical-standards-on-strong-customer-authentication-and-secure-communication-under-psd2",
  "official_doc_section": null,
  "error_code": "PSD2-SCA-EXEMPT-001",
  "verification_tier": "ai_generated",
  "confidence": 0.87,
  "fix_success_rate": 0.8,
  "resolvable": "true",
  "first_seen": "2024-05-20",
  "last_confirmed": "2024-06-01",
  "last_updated": "2024-06-01",
  "evidence_count": 1,
  "tags": [],
  "locale": "en",
  "aliases": []
}