authentication_required | high | Affects MRR

Stripe authentication_required Error — Causes, Fix & MRR Impact

The Stripe authentication_required error occurs when the card issuer requires 3D Secure or SCA and the transaction was not authenticated, causing soft declines and MRR risk for SaaS businesses processing subscription payments.

What this means

The bank wants the customer to verify the payment (e.g. 3D Secure). For renewals, the customer may need to log in and complete the verification, or you need to run the auth flow before charging.

Why it happens

Issuer requires 3DS or SCA

The issuer mandates strong customer authentication for this transaction type or risk level.

Off-session charge without prior auth

You charged a saved card without the customer present; the issuer wants on-session authentication first.

Regulatory requirement (e.g. PSD2)

Regulations require SCA for certain transactions; the issuer enforces it.

Issuer risk or velocity

The issuer triggered auth due to risk or velocity; completing 3DS satisfies the requirement.

MRR Impact

Renewals that require authentication fail when they are not retried through the auth flow, and each failure reduces MRR. Implementing auth collection and retry recovers revenue.

Auth-required declines are recoverable with proper 3DS/SCA flow and on-session retry.

Avg. recovery rate: Good when you collect auth on-session and retry; Stripe's flow handles much of this.

Urgency: within 24h

How to fix it

  1. Use Stripe's authentication flow for PaymentIntents

    When creating or confirming a PaymentIntent, use Stripe's handleCardAction or confirmCardPayment so 3DS runs when required. For SetupIntents, complete the authentication step before saving the payment method for off-session use.

  2. Handle off-session renewals

    For subscription renewals, if you get authentication_required, do not retry the same way. Use Stripe Billing's smart retries or prompt the customer to log in and complete payment (on-session) so 3DS can run.

  3. Collect authentication before first off-session charge

    When saving a card for future use, run the authentication flow (e.g. SetupIntent with off_session) so the payment method is eligible for future charges without blocking.

  4. Show clear message when auth is needed

    If the customer must authenticate, show a message that they need to verify their payment and provide a link or button to complete verification (e.g. redirect to checkout or billing page).

  5. Log and monitor auth failures

    Track authentication_required on renewals; optimize by ensuring cards are authenticated at collection time and using Stripe's retry logic.
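
The renewal-handling, customer-messaging and monitoring steps above, together with the FAQ's advice on failures after a completed 3DS, sketched as an added example (not Stripe's code and not from this page). The failure-record fields (`offSession`, `threeDsCompleted`, `issuerDetail`) are a hypothetical shape for your own logs, not Stripe API objects.

```javascript
// Added example: records below are a constructed, hypothetical log shape.
const GENERIC_MESSAGE =
  "Your bank needs you to verify this payment. Please log in to complete verification.";
const SUPPORT_MESSAGE =
  "We could not complete your payment. Please contact your card issuer or our support team.";

// Decide what to do with one failed charge.
function planRecovery(failure) {
  if (failure.code !== "authentication_required") {
    return { action: "not_auth_related", notifyCustomer: false };
  }
  // Issuer still asks for auth after a successful 3DS: log for support and
  // keep issuer-specific detail out of anything shown to the customer.
  if (failure.threeDsCompleted) {
    return { action: "escalate_to_support", notifyCustomer: true,
             message: SUPPORT_MESSAGE, supportLog: failure.issuerDetail };
  }
  // Off-session renewal: retrying the same way would fail again, so bring
  // the customer back on-session where 3DS can run.
  if (failure.offSession) {
    return { action: "prompt_on_session_auth", notifyCustomer: true,
             message: GENERIC_MESSAGE };
  }
  // On-session: the client-side confirmation flow runs 3DS.
  return { action: "run_client_auth_flow", notifyCustomer: false };
}

// Monitoring: share of off-session failures that were authentication_required.
function authRequiredRate(failures) {
  const offSession = failures.filter((f) => f.offSession);
  if (offSession.length === 0) return 0;
  const auth = offSession.filter((f) => f.code === "authentication_required");
  return auth.length / offSession.length;
}

// Constructed sample failures.
const SAMPLE_FAILURES = [
  { id: "f1", code: "authentication_required", offSession: true, threeDsCompleted: false },
  { id: "f2", code: "card_declined", offSession: true, threeDsCompleted: false },
  { id: "f3", code: "authentication_required", offSession: false, threeDsCompleted: false },
  { id: "f4", code: "authentication_required", offSession: true, threeDsCompleted: true,
    issuerDetail: "constructed issuer note" },
];

for (const f of SAMPLE_FAILURES) console.log(f.id, planRecovery(f).action);
console.log("off-session auth-required rate:", authRequiredRate(SAMPLE_FAILURES));
```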

Detect authentication_required automatically

Track authentication_required on off-session charges; ensure 3DS is collected at onboarding or before first renewal.


FAQ

What does Stripe authentication_required mean?

authentication_required means the transaction requires authentication such as 3D Secure (3DS) or strong customer authentication (SCA). The issuer returned a soft decline. For on-session flows, Stripe's front ends usually trigger the auth flow automatically. For off-session (e.g. renewal), you may need to prompt the customer to retry or authenticate on-session first.

Should I retry authentication_required?

For off-session payments, retrying without authentication will often fail again. Collect authentication on-session (e.g. customer logs in and completes 3DS) then retry the payment, or use Stripe's customer authentication flow and retry. For on-session, the SDK typically handles the redirect or modal.

How does authentication_required affect SaaS MRR?

Failed renewals due to auth requirements reduce MRR. Implementing proper 3DS/SCA for off-session (e.g. invoice payment or renewal) and prompting customers to authenticate or retry recovers revenue. Stripe Billing can help with smart retries.

What if the customer authenticated but still got authentication_required?

If the issuer returns this after a successful 3DS, the customer may need to contact their card issuer. Log the case for support; do not expose issuer-specific details to the customer.
