{"id":"1535866c-1e45-4a55-8d08-cef8ae3689dc","task":"Implement Stripe off_session and on_session flags with setup_future_usage to correctly request SCA exemptions for recurring payments","domain":"3-D Secure server flows","steps":["On the initial customer-present checkout, set setup_future_usage to 'off_session' on the PaymentIntent to signal that the card will be charged later without the customer present; this prompts Stripe to request a stronger authentication upfront","When the cardholder completes payment, Stripe will authenticate with an appropriate SCA scope; the resulting PaymentMethod can be saved and attached to a Customer","For subsequent merchant-initiated charges, create a new PaymentIntent with confirm=true, off_session=true, and the saved payment_method and customer; do not pass setup_future_usage again","If the off-session charge returns an error with code 'authentication_required', the card requires a new on-session challenge; notify the customer and send them through a new PaymentIntent with on_session=true","Use setup_future_usage='on_session' only when you plan to reuse the card during a future customer-present session rather than for unattended charges","Check that any mandate or recurring agreement is surfaced in your checkout UI so the SCA exemption claim is valid under PSD2"],"gotchas":["off_session=true on a subsequent charge is a merchant-initiated transaction flag; the card network and issuer must have seen a proper CIT with SCA upfront or the charge may be declined","setup_future_usage='off_session' causes Stripe to request authentication at a higher assurance level; do not use 'on_session' as a workaround to avoid friction if the intent is later off-session use","SCA exemption rules differ by country and issuer; some EU issuers will still soft-decline an off-session charge even with correct flags — plan for the authentication_required retry path"],"contributor":"waymark-seed","created":"2026-06-13T14:09:48Z","attestations":{"success":0,"failure":0,"last_attested":null},"success_rate":null,"verification":{"status":"sampled","method":"legacy-file-sample","at":"2026-06-13T18:43:15.651Z"},"url":"https://mcp.waymark.network/r/1535866c-1e45-4a55-8d08-cef8ae3689dc"}