Overcapture requirements (PSD2)

This information applies to Business accounts.

Historically, PayPal allowed some merchants to let users amend orders during checkout to add (or remove) services like shipping fees or taxes. While the user consents to the final amount in the merchant checkout, this step wasn't completed in a session with PayPal.

Example: 

  • Merchant sends the buyer to PayPal to authorize a transaction of 100.00 USD.  

  • Consumer reviews and authorizes the transaction at PayPal for 100.00 USD.  

  • Consumer returns to the merchant site where the transaction amount increases to 110.00 USD due to the addition of shipping, taxes, FX conversion, etc.    

PayPal obtains authorization from each customer for the maximum amount of the transaction before redirecting the customer to the merchant. The transaction is declined if the merchant captures more than the authorized amount.

This impacts all global merchants (domestic and international transactions) that sell to PayPal buyers from the countries subject to PSD2 (i.e., EEA). 

What is the impact/effect?  

Strong Customer Authentication (SCA) requirements, which are part of the Second Payment Services Directive (PSD2), mandate additional authentication measures and restrictions to be performed on electronic transactions involving consumers (buyers) from the PSD2 countries. 

The changes are in response to the principles set by The European Banking Authority (EBA) for transactions where the final amount is unknown.  

  • The final transaction amount can't be higher than the authenticated amount: “If the final amount is higher than the amount the payer was made aware of and agreed to when initiating the transaction, the payer’s PSP shall apply SCA to the final amount of the transaction or decline the transaction.”   

  •  The final transaction amount may be lower than the authenticated amount: “If the final amount is equal to or lower than the amount agreed in accordance with Article 75(1) of PSD2, the transaction can be executed, and there is no need to re-apply SCA, as the authentication code would still be valid in accordance with Article 5(3)(a) of the [RTS].” 

What regions does this impact?    

This impacts Merchants globally (for domestic and international transactions) selling to buyers from the EEA (PSD2 countries). 

My business is not based in EU; do I need to comply?   

Any merchant selling to buyers from the EEA region (PSD2 countries) will be impacted. The impact is determined by the consumers' (or buyers') country and not by the merchant country. 

Does this impact all my PayPal, Venmo, Braintree transactions?  

The impact is only on PayPal wallet transactions, i.e., merchants integrated on PayPal Branded Checkout. This can be direct PayPal integration or through Braintree. There's no impact on Venmo transactions because Venmo is not offered to EU consumers.  

For direct card transactions (Unbranded DCC), the card issuer will automatically reject transactions above what the consumer approved during the 3DS review.   

I regularly overcharge as part of my business model; what should I do now?   

  • To minimize declines, PayPal will use an in-house machine learning algorithm to estimate a higher amount and ask the consumer to authorize that amount. The transaction is declined only if the amount the merchant requests is higher than the estimated authorized amount.

  • In case of a decline, PayPal returns an existing error code (refer to the table below) asking the merchant to send the buyer for a re-review, and this review happens with the new amount. After the successful buyer review, the merchant can reattempt the capture.

  • In the future, we encourage you to initiate the transaction with an amount inclusive of shipping, tax, etc. so that PayPal wouldn't have to decline the transaction later during the payment lifecycle. 

Decline Error Codes When Requested Amount Exceeds What Was Consented 

Legacy NVP & SOAP integrations

  • DoExpressCheckoutPayment API
    Error Code: 10486
    SHORT: This transaction couldn't be completed.
    LONG: This transaction couldn't be completed. Please redirect your customer to PayPal.

  • DoAuthorization API, DoReauthorization API, DoCapture API
    Error Code: 10610
    SHORT: Amount limit exceeded.
    LONG: Amount specified exceeds allowable limit.


Payments V1 integration

  • POST /v1/payments/payment/{payment_id}/execute
    HTTP Code: 400
    Name: PAYER_ACTION_REQUIRED
    Message: Transaction cannot be completed successfully. Instruct the buyer to return to PayPal.

  • POST /v1/payments/orders/{order_id}/authorize
    POST /v1/payments/authorization/{auth_id}/reauthorize
    HTTP Code: 400
    Name: AUTHORIZATION_AMOUNT_LIMIT_EXCEEDED
    Message: Authorization amount exceeds allowed order limit.

  • POST /v1/payments/orders/{order_id}/capture
    POST /v1/payments/authorization/{authorization_id}/capture
    HTTP Code: 400
    Name: CAPTURE_AMOUNT_LIMIT_EXCEEDED
    Message: Capture amount specified exceeded allowable limit.


Orders V2 and Payments V2 integration

  • POST /v2/checkout/orders/{ID.EN_US}/capture
    POST /v2/checkout/orders/{ID.EN_US}/authorize
    POST /v2/checkout/orders/{ID.EN_US}/save
    HTTP Code: 422
    Error: UNPROCESSABLE_ENTITY
    Error Description: The requested action could not be performed, is semantically incorrect, or failed business validation.
    Issue: PAYER_ACTION_REQUIRED
    Issue Description: Transaction cannot be completed successfully. Instruct the buyer to return to PayPal.

  • POST /v2/checkout/orders/{order_id}/authorize
    POST /v2/payments/authorizations/{authorization_id}/reauthorize
    HTTP Code: 422
    Error: UNPROCESSABLE_ENTITY
    Error Description: The requested action could not be performed, is semantically incorrect, or failed business validation.
    Issue: AUTHORIZATION_AMOUNT_EXCEEDED
    Issue Description: The authorization amount specified exceeded allowable limit. Specify a different amount and try the request again. Alternatively, contact Customer Support to increase your limits. Overcharges are not allowed for consumers from PSD2 countries due to local regulations.

  • POST /v2/payments/authorizations/{authorization_id}/capture
    HTTP Code: 422
    Error: UNPROCESSABLE_ENTITY
    Error Description: The requested action could not be performed, is semantically incorrect, or failed business validation.
    Issue: MAX_CAPTURE_AMOUNT_EXCEEDED
    Issue Description: Capture amount exceeds the allowable limit. Please contact customer service or your account manager to request the change to your overcharge limit. The default overcharge limit is 115%, which allows the sum of all captures to be up to 115% of the authorization amount. Overcharges are not allowed for consumers from PSD2 countries due to local regulations.

Do I need to make any integration changes?   

No immediate integration change is needed as long as the merchant is redirecting the buyer back to PayPal for a re-review in the event of PayPal declining the transaction with the above-mentioned error codes. 
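As an added example (not PayPal's code), one way a merchant backend could route the decline codes listed above, using the page's 100.00 USD to 110.00 USD scenario. It assumes V2 errors carry the issue in `details[].issue`, V1 errors in `name`, and NVP errors in `L_ERRORCODEn` fields; the function names and action strings are hypothetical.

```javascript
// Added example: decline identifiers come from the tables on this page; the
// response shapes (details[].issue, name, L_ERRORCODEn) are assumptions.
const DECLINES = {
  nvp: { status: null, codes: ["10486", "10610"] },
  v1: { status: 400, codes: ["PAYER_ACTION_REQUIRED",
    "AUTHORIZATION_AMOUNT_LIMIT_EXCEEDED", "CAPTURE_AMOUNT_LIMIT_EXCEEDED"] },
  v2: { status: 422, codes: ["PAYER_ACTION_REQUIRED",
    "AUTHORIZATION_AMOUNT_EXCEEDED", "MAX_CAPTURE_AMOUNT_EXCEEDED"] },
};

// Extract the error identifiers a response carries for one integration type.
function errorCodes(integration, body) {
  if (integration === "nvp") {
    // NVP responses are URL-encoded name/value pairs with indexed error fields.
    return [...new URLSearchParams(body)]
      .filter(([key]) => /^L_ERRORCODE\d+$/.test(key))
      .map(([, value]) => value);
  }
  const json = typeof body === "string" ? JSON.parse(body) : body;
  if (integration === "v1") return json.name ? [json.name] : [];
  return (json.details || []).map((d) => d.issue).filter(Boolean);
}

// Amounts are integers in minor units (cents) so the comparison is exact.
// reviewedMinor is the amount the buyer was sent to PayPal to approve.
function nextStep(integration, httpStatus, body, requestedMinor, reviewedMinor,
                  acceptReviewedAmount = false) {
  const rule = DECLINES[integration];
  if (!rule) throw new Error(`unknown integration: ${integration}`);
  if (rule.status !== null && httpStatus !== rule.status) return "UNRELATED_ERROR";
  const hit = errorCodes(integration, body).some((c) => rule.codes.includes(c));
  if (!hit) return "UNRELATED_ERROR";
  // The codes are reused existing ones: without an amount increase on the
  // merchant side, overcapture does not explain the decline.
  if (requestedMinor <= reviewedMinor) return "INVESTIGATE";
  return acceptReviewedAmount ? "CAPTURE_REVIEWED_AMOUNT" : "SEND_BUYER_FOR_REVIEW";
}

// Constructed sample responses (not captured from PayPal).
const SAMPLE_V2 = { name: "UNPROCESSABLE_ENTITY",
  details: [{ issue: "MAX_CAPTURE_AMOUNT_EXCEEDED" }] };
const SAMPLE_NVP = "ACK=Failure&L_ERRORCODE0=10486&L_SHORTMESSAGE0=x";
```

Because the merchant cannot see the cap PayPal showed the buyer, the only amount the code can safely fall back to is the one the buyer originally reviewed.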

What is PayPal doing to reduce the impact on my business?   

  • PayPal would use in-house algorithms to detect impacted merchants, compute the potential overcharge for the transaction and disclose the maximum amount (cap) to the consumer during payment authentication on PayPal.  

  • The computation of the overcharge is based on multiple factors like transaction amount, previous overcharge trends, the zip code of the consumer and merchant, etc.  

  • Once the consumer consents to the higher amount cap at PayPal, the merchant could capture up to that amount.  

  • If the capture amount the merchant requests exceeds the consumer's consented maximum amount, PayPal declines the request using existing error codes. The merchant would then need to send the consumer to PayPal for a re-review or attempt a capture with the previously approved amount.

How do I know what overcharge threshold PayPal has presented to my customer?  

Merchants won't have visibility on the maximum amount threshold their customers will be presented with. 

If a payment is declined, what should I do?  

In case of a decline, PayPal sends an existing error code asking the merchant to send the buyer for a re-review, and this review happens with the higher amount. After the successful buyer review, the merchant can reattempt the capture.

What error codes will I receive?   

We're reusing existing decline error codes when the requested amount exceeds what was consented to by the buyer. They are listed above under "Decline Error Codes When Requested Amount Exceeds What Was Consented".

This is going to impact my merchant significantly. Can my business be excluded?   

Unfortunately, we can't exclude any merchants from this compliance change. 

What reporting is available for me as a business to monitor the impact of increased declines?  

No new dashboards have been built as part of this program.

I need technical support; how do I access it?   

Please contact your Customer Success Manager/Integration Engineer/Customer Service for support.  
