One leg out-transactions explained

For non-European Economic Area (EEA) companies looking to do business in Europe, it’s important to understand one leg out transactions.

On this page, we’ll explain exactly how one leg transactions work and how Checkout.com can help you implement payment authentication in your business.

What is a one leg out-transaction?

A one leg out transaction in the payments industry refers to a cross-border payment where only one part of the transaction is regulated under the European Union (EU) payment laws. This occurs when one of the parties involved in the transaction (either the acquirer or the issuer) is located in the (EEA) and the other party is outside of it.

For instance, if a customer in the United States uses their credit card to purchase goods from a merchant in Germany, this is considered a one-leg-out transaction

Are one leg out transactions subject to SCA rules?

Strong Customer Authentication (SCA) was introduced in Europe under the PSD2 regulations. It is designed to make online card payments more secure by requiring customers to complete a multi-factor authentication process. However, there are some types of transactions where SCA is out-of-scope or where SCA exemptions can be applied.

One leg out transactions are considered out of scope and therefore, SCA is optional. However, there are many reasons merchants may still choose to apply SCA

What about the UK?
Even though the UK has left the European Union and EEA as a result of Brexit, SCA is still enforced here.
Therefore a transaction that involves a credit card issued in the UK being used to purchase goods in Germany is not a one-leg-out transaction.

Are there benefits to implementing SCA for one leg out transactions?

Even though one leg out transactions are out of scope of SCA requirements, implementing it even when not explicitly required can offer several benefits to businesses such as:

Fraud prevention: SCA adds layers of verification, making it harder for unauthorized users to complete a transaction. This reduces the risk of fraudulent activities.
Trust and credibility: Customers often perceive enhanced security measures - such as a strong authentication process - as a sign of a trustworthy business
Reduced false declines: Advanced authentication can help in accurately distinguishing legitimate customers from fraudulent attempts, reducing the chances of legitimate transactions being declined
Reduced chargeback costs: With fewer fraudulent transactions, businesses can expect a decrease in chargeback-related expenses.
Future compliance readiness: Many of the directives of the EU’s PSD2 regulations (including SCA) are being copied by other countries. India, Bangladesh, Singapore, Malaysia, Nigeria, and South Africa all introduced their own versions of SCA after the directive came in, and other countries will likely follow suit.