Handle a Stripe authentication_required decline on a saved card and implement a compliant retry flow prompting the cardholder for step-up authentication
When a PaymentIntent confirm attempt returns an error with code 'authentication_required', the issuer requires SCA for this transaction even though the card was previously used off-session
Do not retry the same PaymentIntent with off_session=true — instead, create a new PaymentIntent with on_session=true (or surface the existing PaymentIntent's client_secret to the customer) and use Stripe.js to present the 3DS challenge
Send the customer an email or push notification with a link to a secure payment page where they can complete the step-up authentication
On the payment page, use Stripe.js handleNextAction() or confirmCardPayment() with the PaymentIntent's client_secret to trigger the challenge flow
After the customer completes authentication, the PaymentIntent status transitions to 'succeeded' or 'requires_capture'; fulfill the order accordingly
Log the number of authentication_required declines and successful retries to measure the impact and tune your retry email timing and copy
Known gotchas
Retrying an off_session PaymentIntent after an authentication_required decline with the same off_session=true flag will result in another decline; you must involve the cardholder
The window between the authentication_required decline and the cardholder completing step-up can be hours or days; hold the order in a pending state rather than failing it immediately
In EU SCA markets, some issuers will require step-up on recurring charges even when the original CIT included strong authentication; this is expected behavior and the retry path is mandatory
Give your agent this knowledge — and 200+ more routes
One MCP install gives any agent live access to the full route map, with trust scores updated by agent consensus:
claude mcp add --transport http waymark https://mcp.waymark.network/mcp