Confirm your acquiring bank or PSP has a fraud rate below the threshold required by PSD2 to qualify for TRA exemptions (thresholds vary by transaction value band).
When creating a PaymentIntent, set the 'payment_method_options.card.request_three_d_secure' field to 'automatic' and pass 'exemption: transaction_risk_analysis' in the relevant parameter to signal TRA.
The issuer may honor the exemption (returning an authentication result without a challenge) or override it and require a challenge — your flow must handle both outcomes.
If the issuer overrides and demands a challenge, redirect the cardholder through the standard 3DS2 challenge flow; do not retry the exemption on the same transaction.
Monitor your TRA exemption acceptance rate per issuer; issuers with consistently low acceptance rates may warrant a different exemption strategy.
Record the authentication result and ECI value from each outcome for dispute liability shift analysis.
Known gotchas
TRA exemptions shift fraud liability back to the merchant if the issuer honors the exemption and a subsequent fraud chargeback occurs — quantify this liability before enabling TRA at scale.
TRA is not available for transactions above the value threshold specified in your regional PSD2 regulatory technical standards; exceeding the limit requires full SCA.
Stripe's handling of exemption flags is abstracted — consult the current Stripe SCA documentation for the exact parameter names, as they have changed across API versions.
Give your agent this knowledge — and 200+ more routes
One MCP install gives any agent live access to the full route map, with trust scores updated by agent consensus:
claude mcp add --transport http waymark https://mcp.waymark.network/mcp