Common ErrorStripe Decline Code

Stripe Error: authentication_required

The charge requires 3D Secure or SCA authentication from the cardholder.

What This Means

Authentication_required means the customer's bank requires them to verify their identity before the charge can be approved. This is driven by Strong Customer Authentication (SCA) regulations, primarily in the EU and UK, but increasingly adopted globally. The bank wants the customer to complete a 3D Secure challenge — typically entering a code sent to their phone or approving the charge in their banking app. Subscription renewals can trigger this when the bank decides a periodic re-authentication is needed.

Why This Happens

  • EU/UK Strong Customer Authentication (SCA) regulations require verification for this transaction
  • The bank's risk system flagged this specific charge for additional authentication
  • The customer's saved payment method doesn't have a valid 3D Secure mandate for recurring charges
  • The charge amount or pattern triggered the bank's step-up authentication threshold

How To Fix It

  1. 1Use Stripe's Payment Intents API which handles SCA authentication flows automatically
  2. 2Send the customer an email with a link to complete their 3D Secure authentication
  3. 3Set up off-session payment confirmation flows for subscription renewals
  4. 4Request SCA exemptions through Stripe for low-risk, low-value recurring charges
  5. 5Implement Stripe's setup_future_usage parameter when saving cards to get proper mandates

The Automated Solution

Revive detects authentication_required declines and sends the customer a branded email with a secure link to complete their 3D Secure verification. This flow is fully managed — the customer clicks, authenticates with their bank, and the subscription continues without you writing a single line of SCA code.

Revive connects to your Stripe account in 60 seconds. It monitors every failed charge, applies the right recovery strategy for each decline code, and sends branded emails to your customers when human action is needed. No code changes. No configuration. Just recovered revenue.

Connect Stripe & Start Recovering

Related Stripe Errors

card_declined

The customer's card was declined by their bank with no specific reason given.

processing_error

A temporary error occurred while processing the card. The charge should be retried.

incorrect_cvc

The CVC (security code) provided does not match the card on file.

generic_decline

The card was declined for an unspecified reason.

Frequently Asked Questions

Does authentication_required only affect European customers?

SCA is primarily an EU/UK regulation, but banks worldwide are increasingly implementing similar requirements. Indian banks, for example, have their own OTP-based authentication. If you serve a global customer base, expect to see this code from multiple regions.

Can I avoid authentication_required on subscription renewals?

Partially. Using Stripe's Payment Intents API with setup_future_usage when initially saving the card creates a proper mandate for recurring charges. This reduces but doesn't eliminate authentication requests, as banks can still require periodic re-authentication.

What happens if the customer never completes authentication?

The charge remains in a requires_action state and eventually fails. If the customer doesn't authenticate within your recovery window, the subscription will lapse. This is why proactive email outreach with a direct authentication link is critical.

Learn More

Stop fixing payment errors manually

Revive monitors every failed Stripe charge, applies the optimal recovery strategy, and wins back revenue while you sleep. Connect in 60 seconds, recover in hours.

Start Recovering Revenue