MITs might be out of scope of SCA?

Merchant initiated transactions (or MITs) refer to card payments of fixed or variable amount that are initiated by the payee only without any direct intervention from the payer. MITs might therefore be out of scope of the strong customer authentication (SCA).

Typical examples of MITs include: a contract mobile phone bill where a different amount is taken by the payee each month according to the customer’s usage; an annual magazine subscription where the same or a slightly differing amount is debited monthly on the same day of the month for twelve months (or longer); and additional charges on a hotel bill where the customer has chosen to use an express checkout service. In all cases, the payment is initiated by the payee, in reliance upon a valid authority given by the payer to the payee, whether on paper or electronically.

Such MITs are out of scope of the requirement for SCA and do not need to rely on an exemption. This is because they are initiated by the payee only without any direct intervention from the payer. This is in the same way as Direct Debits, which are also initiated by payees without any direct intervention from the payer, based on an initial mandate. The initial authority (or mandate) may itself be caught by the SCA requirement if given electronically under the third ‘other action’ requirements of the RTS, but is not in scope if given on paper or over the telephone. The EBA has expressly confirmed this position with respect to Direct Debits and Osborne Clarke’s view is that MITs are very similar and should be treated the same: the customer or payer will be involved in setting up the authority and (for a series of transactions) may initiate the first transaction, but they will play no part in initiating subsequent transactions. It doesn’t matter how the authority is first given (paper, by telephone or electronically), so long as it is given validly and proper records are kept, to enable a ‘look-back’ when a transaction is disputed. It also doesn’t matter if the MITs occur with varying frequency or for varying amounts, so long as they are consistent with the authority given (i.e. within the customer’s reasonable expectation).

But – there is always a but – MITs must be distinguished from ‘card on file’ transactions where the payer confirms payment and use of payment card details previously supplied, along the lines: Confirm payment using your default card, card number XXXX XXXX XXXX 1234. These card payments are not MITs as they are clearly initiated by the payer and so SCA must be applied unless an exemption is available.

This article was originally published in the December 2018 edition of Osborne Clarke’s EPSM Legal Research Newsletter.