Appendix 1: Apata 3D Secure Rules

Permits exemptions requested by the merchant acquirer.

The maximum number of transactions with frictionless authentication (no challenge) allowed before Challenge screens are shown to the cardholder when attempting an ecommerce transaction.

Applies the configured action if the configured conditions are met. See Adding a Condition Rule.

Permits the Secure Corporate Payment Exemption to be used.

Exemption applied to a repeat transaction (i.e., repeat payment for fixed or variable amount, and fixed and variable interval, to the same payee, governed by an agreement to these payments). The Merchant must flag the transaction as merchant initiated. The first transaction, to set up the transaction, must be authenticated. An example of this type of transaction is a Card on File (CoF) transaction, at a store such as Amazon.

Exempts the transaction if the cardholder has added the merchant to the Trust List of allowed merchants.

Permits exemption from 3D Secure for a transaction type classed as a non-payment transaction (e.g. adding card to a digital wallet, adding a card on file).

The maximum cumulative total (in default rule currency) up to which a frictionless authentication is allowed (the cardholder will not be presented with any challenge screens).

Applies the low value exemption under the PSD2 rules, if the following conditions are met:

• Transaction value is less than 30.00 EUR

• Cumulative spend since last challenge is less than 100 EUR

• Number of transactions since last challenge is less than 5

Used for handling transactions where the issuer (BIN sponsor) or acquirer is not within EEA; in this case Strong Customer Authentication (SCA) is exempted as one leg out.