Transaction-specific strong customer authentication

We offer a separate daily data file containing transaction-specific strong customer authentication data to ease the issuer´s reporting requirements.

In response to the European Central Bank’s, and subsequently the local authorities, requirements to provide payment statistics (ECB/2020/59), in addition to the existing DWH files we provide an additional daily report with transaction-specific information about strong customer authentication (SCA). The data provided will determine if SCA was performed, and if it wasn’t, which PSD2 exemption was applied.

  • File format: CSV
  • Frequency: Daily file
  • Institution specific report
  • Naming of the file: ‘InstitutionID + SCA + reporting date + reporting time’
    • Example: ‘123456_SCA_2021-11-22-09-37-55’
Sample
ID;TRANS_DATE;SCA_non_SCA;non_SCA_reason;
1122334455;2023-02-14 14:22:05;SCA;;
6677889900;2023-02-14 17:37:47;NON-SCA;Contactless Low Value;
1234567890;2023-02-15 00:00:00;NON-SCA;Recurring Transaction;
Field nameField typeMandatoryDetails
IDNUMBER(18,0)YesEnfuce generated database ID for the transaction.
TRANS_DATEDATEYesThe local date (and time) when the transaction was made. Local date/time= the date/time in the time zone in which the payment terminal is.YYYY-MM-DD hh:mm:ss
For MasterCard transactions, the date and time stamp both are provided as those are available in a clearing file.
For Visa, only the date is available as Visa only includes the date in clearing files.
SCA_non_SCAVARCHAR2(32)YesPossible values: SCA, NON-SCA
If the customer is strongly authenticated or not.
non_SCA_reasonVARCHAR2(32)YesReason: if the customer was not strongly authenticated.
Possible values: Unattended Terminal, Contactless Low Value, Outside EEA, Recurring Transaction, Merchant Initiated Transaction, Low Value Transaction, Other

When determining the exemption for why SCA was not performed, there can be multiple reasons that apply. Enfuce uses an official prioritisation when deciding which exemption to use when multiple of them apply.

Prioritisation of SCA exemptions

  1. Is the transaction strong customer authenticated (“SCA”)?
  2. If not SCA, is it initiated outside EEA? If yes, then Outside EEA
  3. If not SCA, is it a contactless low value transaction? If yes, then Contactless Low Value
  4. If not SCA, is it initiated at an unattended terminal? If yes, then Unattended Terminal
  5. If not SCA, is it a recurring transaction? If yes, then Recurring Transaction
  6. If not SCA, is it a low value transaction? If yes, then Low Value Transaction
  7. If not SCA, is it a merchant initiated transaction? If yes, then Merchant Initiated Transaction
  8. If not SCA and none of the above apply, then Other