Appendix

    SCA events and exemptions

    The table below identifies which customer actions require SCA. Contis as the regulated entity has full control over the use of exemptions and implements these where applicable.

    Customer Action Is SCA required? SCA Exemption available? Notes

    Account Login

    Yes

    Yes

    If can only see balance or <90 days transactions, then SCA not required but 2FA SCA on login must have been performed in the last 90 days to use this exemption

    Change address online

    Yes

    No

    Change mobile online

    Yes

    No

    Card Spend - Contactless

    Yes

    Yes

    Limited by amount of all consecutive Contactless transactions

    Card Spend - Online (includes stored card details)

    Yes

    Yes

    Transactional Risk Analysis

    Bank Transfer/

    Payment Out of Account

    P2P/Internal Transfers - Send via mobile no, email or username

    Yes

    Yes

    Trusted Beneficiary, Low Value Limit

    Creation/changing a standing order

    Yes

    No

    Trusted beneficiary added/changed/removed for payments/transfers

    Yes

    No

    One payment to be made, before functionality available to customer

    It won’t be possible to predict for all transactions whether SCA will apply (or not), or if an exemption is available. For example, the low-value limit is set to EUR30, but not all amounts less than this will be exempted.

    The use of exemptions is discretionary and also certain exemptions are only permissible where fraud levels remain under prescribed limits. Therefore, the use of exemptions is always subject to change by Contis.