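# AI tells EU fintech companies they can bypass strong customer authentication for low-value payments under €30, but ignores the daily cumulative transaction limit of €100 or 5 consecutive transactions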

- **ID:** `banking/psd2-sca-low-value-exemption`
- **Domain:** banking
- **Category:** auth_error
- **Error code:** `PSD2-SCA-EXEMPT-001`
- **Verification level:** ai_generated
- **Fix rate:** 80%

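## Root cause

Under Article 11 of the PSD2 Regulatory Technical Standards, the low-value contactless payment exemption (€30) is subject to a cumulative cap: once consecutive exempted transactions total €100 or number 5, the next transaction must go through SCA. The exemption resets only after the next SCA-authenticated transaction.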

## Version compatibility

| Version | Status | Introduced | Deprecated |
|------|------|------|------|
| PSD2 RTS (EU) 2018/389 | active | — | — |
| EBA SCA Guidelines v2.2 (2024) | active | — | — |

## Solutions

1. Track the cumulative count and amount server-side. After 4 consecutive exempted transactions or €95 cumulative, force SCA on the next payment by setting the `scaExemption` field to `none` in the payment initiation request.
2. Use a "delayed SCA" pattern: request SCA after the 5th low-value payment in a batch, using a single OTP for all 5. This requires the issuer to support batch SCA (rare).
3. Implement a "wallet top-up" model: the user pre-loads €150 via a single SCA-authenticated transaction, then spends in low-value increments without further SCA. The wallet balance acts as the cumulative cap.
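Solution 1 as a server-side counter, an added example that is not code from the original page. The `low_value` field value and the class and function names are assumptions. It also checks the projected total against the €100 cap, because three €30 payments leave the running total under €95 while a fourth would pass €100.

```python
from dataclasses import dataclass

# Limits from the page, in cents: EUR 30 per payment, EUR 100 cumulative cap,
# and solution 1's trigger of 4 consecutive exempted payments.
PER_PAYMENT_MAX = 3000
CUMULATIVE_CAP = 10000
FORCE_SCA_COUNT = 4


@dataclass
class ExemptionCounter:
    """Per-payer state, held server-side so the client cannot reset it."""
    count: int = 0   # exempted payments since the last full SCA
    total: int = 0   # their cumulative amount in cents

    def sca_exemption(self, amount_cents: int) -> str:
        """Return the value for the request's 'scaExemption' field."""
        if amount_cents <= 0:
            # Zero-value authorizations are not payments and never reset state.
            raise ValueError("amount must be positive")
        if (amount_cents > PER_PAYMENT_MAX
                or self.count >= FORCE_SCA_COUNT
                or self.total + amount_cents > CUMULATIVE_CAP):
            return "none"        # value named on the page: SCA is forced
        return "low_value"       # hypothetical placeholder value

    def record(self, amount_cents: int, exemption: str, full_sca_passed: bool) -> None:
        """Update state once the payment has completed."""
        if exemption == "none":
            # Only a completed full challenge (OTP, biometric) resets the
            # counter; a failed or abandoned challenge leaves it untouched.
            if full_sca_passed:
                self.count, self.total = 0, 0
        else:
            self.count += 1
            self.total += amount_cents


def simulate(amounts_cents):
    """Run constructed payments through one counter; every SCA succeeds."""
    counter, decisions = ExemptionCounter(), []
    for amount in amounts_cents:
        decision = counter.sca_exemption(amount)
        counter.record(amount, decision, full_sca_passed=(decision == "none"))
        decisions.append(decision)
    return decisions
```

In production the read-decide-update sequence has to be atomic per payer, otherwise two concurrent payments can both be exempted against the same counter value.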

## Failed attempts

- Zero-value authorizations are not considered "SCA-authenticated transactions" under Article 11; the counter only resets after a full SCA challenge (e.g., OTP or biometric) (90% failure rate)
- TRA exemption requires a fraud rate below 0.01% and is only available for payments above €30; it cannot be used for low-value payments that fail the cumulative cap (85% failure rate)
- PISPs are still subject to PSD2 RTS; they must apply SCA for the first payment and can only use exemptions for subsequent payments if the cumulative cap is respected (95% failure rate)
