Establish the initial CIT (customer-initiated transaction) with full SCA authentication to create the payment method and set up the trusted beneficiary relationship
Store the payment method and the mandate reference returned after the authenticated CIT
For subsequent recurring charges, create a PaymentIntent with off_session set to true and payment_method_options.card.request_three_d_secure set to any
Include metadata indicating that this is a recurring merchant-initiated transaction, using mandate with the stored mandate ID
If the issuer honors the trusted beneficiary exemption, the PaymentIntent will succeed without a 3DS challenge
Handle the case where the issuer soft-declines with an authentication_required error by presenting the cardholder with a re-authentication challenge using the requires_action flow
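The steps above as an added sketch (not code from the original page or from Stripe): it builds the parameters for the recurring charge and decides what the billing job does with the outcome, without calling the API. The helper names, the metadata keys and the sample IDs are assumptions; off_session, confirm, mandate, customer, payment_method and payment_method_options are PaymentIntent parameters.

```python
# Added example: helper names and metadata keys are hypothetical.

def build_recurring_params(customer_id, payment_method_id, mandate_id,
                           amount, currency, customer_present):
    """Build PaymentIntent parameters for a recurring merchant-initiated charge."""
    if customer_present:
        # A customer-initiated payment must not be flagged off_session.
        raise ValueError("customer is present: run this as an on-session CIT")
    if not mandate_id:
        raise ValueError("no stored mandate: complete the authenticated CIT first")
    return {
        "amount": amount,  # minor units, e.g. cents
        "currency": currency,
        "customer": customer_id,
        "payment_method": payment_method_id,
        "mandate": mandate_id,
        "off_session": True,
        "confirm": True,
        "payment_method_options": {"card": {"request_three_d_secure": "any"}},
        # Metadata keys below are constructed for this example.
        "metadata": {"transaction_type": "recurring_mit", "mandate_id": mandate_id},
    }


def next_action(status, error_code=None):
    """Map a charge outcome to what the billing job should do next."""
    if status == "succeeded":
        return "fulfil"
    if error_code == "authentication_required" or status == "requires_action":
        # Soft decline: bring the cardholder back on-session to re-authenticate.
        return "request_reauthentication"
    if status == "processing":
        return "wait"
    # Hard decline or unexpected state: do not retry blindly.
    return "fail_and_notify"
```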
Known gotchas
The trusted beneficiary exemption is at the issuer's discretion; many issuers in the EEA do not support it yet, making soft declines common even for legitimate recurring payments
Misclassifying a customer-initiated transaction as off_session can trigger a soft decline that erodes customer trust; ensure your off-session flag matches the actual payment context
PSD2 exemption rules do not apply to UK FCA-regulated issuers post-Brexit; UK cards follow PSR rather than EBA RTS, with some divergence in exemption thresholds and conditions