Home  /  Blog  /  Tra exemption

Tra exemption

The TRA exemption under PSD2 allows low-risk online transactions to bypass Strong Customer Authentication, creating a smoother checkout experience. By using advanced risk assessment tools, payment providers can maintain security while improving customer satisfaction and reducing cart abandonment.
Updated 12 Nov, 2024

|

read

Hina Arshad

Midweight Copywriter

tra exemption - Illustration

Unlock Your Business Potential with OneMoneyWay

TRA Exemption: A Guide to Understanding Transaction Risk Analysis Under PSD2

With the rise of online shopping, protecting consumers from fraud has become essential. The Payment Services Directive 2 (PSD2) introduced several measures to secure online transactions, including Strong Customer Authentication (SCA). However, SCA adds steps to the payment process, which can discourage customers from completing purchases. To address this, PSD2 allows certain exemptions to SCA, including the Transaction Risk Analysis (TRA) exemption. TRA enables low-risk transactions to bypass additional security steps, creating a smoother customer experience without sacrificing security.

What is Transaction Risk Analysis (TRA)?

Transaction Risk Analysis (TRA) is a risk assessment process that evaluates the potential fraud risk associated with a particular transaction. TRA analyses multiple factors, such as the customer’s purchasing patterns, location, and transaction history, to determine if a transaction poses a low risk of fraud. When the risk is deemed low, the transaction can be exempted from the added layers of SCA, making the payment process faster and more efficient.

TRA allows payment providers to implement a ‘dynamic friction’ approach, applying security measures only when necessary. This targeted approach protects against fraud and provides a seamless experience for low-risk customers, improving satisfaction and potentially increasing sales. TRA significantly reduces cart abandonment rates by allowing legitimate customers to complete transactions more efficiently.

Understanding the TRA Exemption Under PSD2

Under PSD2, the TRA exemption is designed for low-risk transactions. This exemption allows specific payments to bypass SCA requirements, provided the fraud risk is minimal. The TRA exemption is especially beneficial for e-commerce businesses, where requiring SCA for every transaction could lead to higher abandonment rates. With TRA, payment providers can ensure security without overwhelming customers with unnecessary verification steps.

Transactions must meet specific criteria to qualify for the TRA exemption, including maintaining fraud rates below certain thresholds. By adhering to these standards, businesses and payment providers can request the TRA exemption, streamlining the payment process for eligible transactions.

Eligibility and Compliance Requirements for TRA Exemption

Fraud Rate Thresholds

One of the essential requirements for the TRA exemption is that payment service providers (PSPs) must maintain fraud rates below set thresholds. These thresholds vary based on the transaction amount. For instance:

  • For transactions up to €100, the fraud rate must remain below 0.13%.
  • For transactions between €100 and €250, the fraud rate should be under 0.06%.
  • For transactions over €250 but under €500, the fraud rate must not exceed 0.01%.

By keeping fraud rates low, PSPs can qualify for the TRA exemption, which allows them to offer a streamlined payment process for low-risk transactions. Regulatory bodies monitor these thresholds closely, ensuring that PSPs adhere to high-security standards.

Risk Assessment Tools and Techniques

To qualify for the TRA exemption, PSPs must implement advanced risk assessment tools to effectively identify and verify low-risk transactions. Some commonly used tools include:

Device Fingerprinting

This technology verifies a customer’s identity by gathering detailed information about the device used for a transaction, such as the operating system, browser type, installed plugins, and even screen resolution. Creating a unique “fingerprint” of the device helps PSPs distinguish between familiar and new devices. The system can flag the transaction for further review if an unfamiliar or suspicious device is detected. Device fingerprinting also considers how a device is configured, making it difficult for fraudsters to mimic or replicate a legitimate customer’s device setup.

Behavioural Analysis

Payment service providers (PSPs) use behavioural analysis to monitor and learn from a customer’s typical actions during online interactions. This includes typing speed, how they navigate a website, and the frequency and timing of their transactions. For instance, a regular customer might log in daily and purchase in a particular category. If a transaction significantly deviates from these patterns, the system can detect it as unusual and potentially fraudulent. Behavioural analysis uses machine learning to continually update and refine its understanding of normal behaviour, making it more effective.

Location Verification

By tracking a customer’s location, PSPs can ensure that a transaction aligns with their usual activity. Location verification checks whether a customer’s location matches their regular purchasing area. For example, if a customer consistently makes transactions from one city and suddenly initiates a high-value purchase from a foreign country, this could be a red flag. PSPs use IP addresses, GPS data, and network information to assess the transaction’s legitimacy. Additional security measures may be triggered to confirm the customer’s identity if the location appears suspicious.

Reporting Obligations

TRA exemption eligibility requires PSPs to provide regular reports to regulatory authorities. These reports demonstrate the provider’s compliance with fraud rate thresholds and allow regulators to monitor ongoing eligibility. This accountability ensures that only PSPs with robust fraud prevention measures can maintain TRA exemption status.

Failure to meet reporting obligations or exceed fraud thresholds can result in a loss of TRA eligibility, leading to additional verification steps for customers and potentially lower transaction completion rates.

How Do Payment Service Providers Use TRA Exemption?

Payment Service Providers (PSPs) employ the Transaction Risk Analysis (TRA) exemption to make the payment process more efficient by bypassing Strong Customer Authentication (SCA) for transactions considered low risk. This process involves several critical steps:

How PSPs Handle Transaction Risk

Payment Service Providers (PSPs) use sophisticated technology to assess the risk of each transaction in real-time. This process involves analysing various data points to make an informed decision about whether a transaction is safe. They look at the customer’s spending patterns, such as how often and where they typically purchase. They also review past transaction history to see if there have been any suspicious or unusual activities. Additionally, PSPs gather device information, like the type of device used and its settings, to detect any irregularities. By combining these factors, PSPs can accurately determine if a transaction poses a low risk or needs more scrutiny.

Deciding if a Transaction Qualifies for TRA Exemption

Once a PSP has assessed a transaction, the next step is to decide if it qualifies for the TRA exemption. If the risk analysis shows a low-risk transaction, the PSP can skip the Strong Customer Authentication (SCA) process. This means the customer won’t have to undergo extra verification steps, like entering a password or using a one-time code. As a result, the payment process becomes faster and more convenient for the customer, creating a seamless checkout experience. However, this exemption is only applied when there is strong evidence that the transaction is unlikely to be fraudulent.

Teaming Up with Acquirers to Manage Risk

Acquirers, the financial institutions that process payments on behalf of merchants, are crucial partners in the TRA exemption process. They work closely with PSPs to assess each transaction’s risk accurately. Acquirers are vital in maintaining security and efficiency, as they are responsible for facilitating the payment while ensuring compliance with regulatory standards. By collaborating with PSPs, acquirers help ensure that the right transactions are exempted from SCA. This partnership allows for a smooth and secure payment experience, benefiting merchants and their customers.

Making Sure the Right Technology and Skills are in Place

For the TRA exemption to work effectively, acquirers must ensure that the PSPs they work with have the necessary technology and expertise. This means having advanced systems that can analyse risk factors in real time and accurately detect potential fraud. It also requires skilled professionals who understand how to use these tools and interpret the data correctly. With the right infrastructure and expertise, PSPs can confidently apply the TRA exemption only to genuinely low-risk transactions, ensuring both convenience and safety.

Simplifying the Checkout Process

The ultimate goal of using the TRA exemption is to make the checkout process as smooth as possible for customers. When PSPs and acquirers successfully identify low-risk transactions, they can remove unnecessary authentication steps. This reduction in friction means customers can complete their purchases more quickly and with less hassle. For businesses, this translates to fewer abandoned carts and more completed sales. By making the payment experience more efficient, merchants can improve customer satisfaction and loyalty, ultimately boosting their revenue.

Real-Life Examples of TRA Exemption Application

Example 1

Consider an online fashion retailer that experiences high rates of cart abandonment due to the additional authentication steps required for SCA. By integrating the TRA exemption into their payment process, the retailer collaborates with their PSP to assess the risk level of every transaction. When a returning customer makes a low-value purchase from a familiar device, the TRA exemption allows the transaction to proceed without extra security measures. This smooth checkout experience encourages customers to complete their purchases, leading to fewer abandoned carts and higher sales.

Example 2

Another example involves a subscription-based streaming service. Regular subscribers paying monthly fees can benefit from the TRA exemption, as recurring transactions often carry minimal risk. The PSP uses TRA to assess the risk profile, and when the system confirms that the payment is low-risk, the customer is not prompted for additional authentication. This consistent and hassle-free experience enhances customer satisfaction, making them more likely to continue using the service.

In both cases, the TRA exemption improves the customer experience and helps businesses optimise payment processes. Companies can increase revenue and strengthen customer loyalty by reducing barriers to completing transactions. Many large e-commerce platforms and digital service providers have adopted TRA to enhance the efficiency of their checkout systems, creating a more competitive and user-friendly environment for online shopping.

Challenges and Limitations of Implementing TRA Exemption

Technical Challenges

One significant barrier to adopting TRA is the need for sophisticated real-time risk assessment systems. PSPs must integrate advanced security technologies, such as machine learning algorithms and behavioural analytics, to assess transaction risk accurately. These systems require high technical expertise and can be costly to maintain.

PSPs cannot reliably identify low-risk transactions without robust risk assessment tools, leading to increased fraud rates and the potential loss of TRA exemption eligibility. Ensuring the necessary technology infrastructure is in place is essential for successful TRA implementation.

Regulatory Compliance Challenges

Another challenge involves meeting strict compliance requirements. Regulatory authorities closely monitor TRA fraud rates and reporting standards, making it difficult for some PSPs to maintain eligibility. To adhere to these requirements, PSPs must invest in ongoing compliance measures, including regular audits and detailed reporting processes.

For some financial institutions, especially smaller banks, the cost and complexity of maintaining compliance may outweigh the benefits of the TRA exemption, leading them to adopt alternative strategies.

Adoption Barriers for Smaller Banks

Larger financial institutions generally have the resources to implement TRA effectively, but smaller banks may need help with the associated infrastructure costs. The requirement for advanced risk assessment systems, continuous monitoring, and regulatory reporting can be burdensome for smaller banks, limiting their ability to offer TRA-exempt transactions.

The costs of meeting TRA exemption standards may prevent these institutions from participating fully in the programme. As a result, smaller banks may have fewer options for optimising customer experiences through exemptions.

Impact of TRA Exemption on Consumers and Businesses

For Consumers

The TRA exemption offers clear benefits for consumers by reducing the number of authentication steps required for low-risk transactions. This streamlined experience can make online shopping faster and more convenient, leading to higher satisfaction and loyalty. With fewer interruptions during checkout, consumers can complete purchases more efficiently, encouraging them to shop more frequently.

Additionally, the TRA exemption reduces the likelihood of cart abandonment, as customers are less likely to abandon their purchases when they can avoid extra authentication steps.

For Businesses

For businesses, the TRA exemption provides an opportunity to increase conversion rates and reduce cart abandonment. By minimising authentication friction for low-risk transactions, companies can create a more seamless checkout experience, which can directly impact revenue. With more customers completing their purchases, businesses can see a boost in sales and improved customer retention.

TRA exemption also contributes to cost savings by reducing the need for manual review and intervention in payment processing. By allowing technology to assess transaction risk, businesses can streamline operations and allocate resources more efficiently.

Success Stories of the Adoption of the TRA Exemption

Several major e-commerce platforms and financial institutions have successfully implemented the TRA exemption, enhancing security and user experience. One example is a leading global payment provider that uses TRA to evaluate transaction risk in real time. This provider’s system analyses multiple risk factors, including customer location and device information, to identify low-risk transactions that qualify for the exemption. By adopting TRA, the provider has reduced fraud rates while providing a smoother payment experience for low-risk customers.

Another example involves a prominent online retailer that leverages TRA to improve checkout efficiency. This retailer’s use of TRA has enabled it to lower cart abandonment rates by allowing low-risk customers to skip additional authentication steps. A faster, more user-friendly payment experience increases customer satisfaction and repeat purchases.

Future of TRA Exemptions and Evolving Regulatory Standards

Advancements in Technology for TRA

Machine Learning and AI Improvements

Machine learning and artificial intelligence (AI) are expected to enhance PSPs’ risk assessment capabilities, making TRA more accurate and efficient. By identifying low-risk transactions with greater precision, PSPs can further minimise the need for SCA in secure transactions.

Predictive Analytics

Predictive analytics enables PSPs to proactively identify fraud risks based on historical data, allowing a more anticipatory approach to risk management. With predictive models, PSPs can refine their TRA processes, ensuring only high-risk transactions undergo additional checks.

Behavioural Biometrics

Technologies like behavioural biometrics, which analyse individual behaviours such as typing patterns or touchscreen interactions, can provide deeper insights into a customer’s identity. These innovations could help PSPs more accurately gauge transaction risk, especially for regular customers.

Evolving Regulatory Standards for TRA

Updating Fraud Rate Thresholds

As digital payment ecosystems change, regulators may adjust fraud rate thresholds to reflect emerging threats and transaction trends. These updated standards could impact the eligibility for TRA exemptions, requiring PSPs to maintain even stricter fraud controls.

New Guidelines for Digital Payments

Regions may introduce new rules to address evolving security risks, as digital payments become increasingly complex. Future guidelines might require PSPs to adopt enhanced verification methods or reporting standards, affecting how TRA is implemented.

Global Regulatory Alignment

As cross-border transactions grow, regulatory bodies may work toward aligning TRA standards internationally. Such global cooperation could facilitate a more consistent approach to risk assessment across different regions, benefiting consumers and businesses involved in international commerce.

FAQs

How does the TRA exemption impact liability for fraudulent transactions?

When a payment service provider (PSP) applies the TRA exemption and a fraudulent transaction occurs, the liability generally falls on the PSP. This setup emphasises the importance of maintaining robust risk assessment mechanisms to identify low-risk transactions accurately.

Can merchants directly apply the TRA exemption to transactions?

No, merchants cannot directly apply the TRA exemption; it is the responsibility of the payer’s or payee’s PSP. However, merchants can work closely with their PSPs, sharing transaction data that might support the exemption’s application.

How do TRA exemptions differ from other SCA exemptions under PSD2?

The TRA exemption is unique because it relies on real-time risk assessment to identify low-risk transactions. In contrast, other SCA exemptions apply to specific transaction types, like low-value payments, recurring payments, and trusted beneficiaries. Each exemption has criteria, with the TRA exemption requiring PSPs to maintain fraud rates below certain thresholds.

What are the fraud rate thresholds required to apply the TRA exemption?

To qualify for the TRA exemption, PSPs must keep their fraud rates within specific limits:

  • Transactions up to €100 require a fraud rate below 0.13%.
  • Transactions between €100 and €250 require a fraud rate below 0.06%.
  • Transactions between €250 and €500 require a fraud rate below 0.01%.

These thresholds ensure that only PSPs with robust fraud prevention can apply for the exemption.

How does the TRA exemption affect the customer experience during online transactions?

The TRA exemption improves the customer experience by allowing low-risk transactions to bypass additional authentication steps, creating a more seamless checkout process. This reduction in friction often leads to higher conversion rates and increased customer satisfaction, as legitimate customers encounter fewer obstacles when completing purchases.

Hina Arshad

Content Writer at OneMoneyWay

You may also like

How to open a company in latvia

How to open a company in latvia

How to open a company in Latvia? Latvia, a vibrant Baltic state strategically positioned at the crossroads of Europe, stands out as an exceptional destination...

read more

Get Started Today

Unlock Your Business Potential with OneMoneyWay

OneMoneyWay is your passport to seamless global payments, secure transfers, and limitless opportunities for your businesses success.