Error codes
Hard decline
Stripe
authentication_required
The card was declined because the transaction requires authentication such as 3D Secure.
What does authentication_required mean?
The authentication_required decline code indicates that the issuing bank has requested additional cardholder verification via 3D Secure (3DS) before authorizing the transaction. The card and account are valid — the issuer just requires the cardholder to complete an authentication step such as a password, biometric, or one-time code.
Is it a soft or hard decline?
Stripe classifies it as a hard decline in the sense that the current transaction cannot be recovered through retry alone. However, the underlying card is fully functional — recovery requires customer interaction, not a retry of the same off-session charge.
Common root causes
Strong Customer Authentication (SCA) regulations in Europe requiring 3DS
Issuer risk models requesting step-up authentication on specific transactions
First-time or infrequent transactions on a card-on-file
High-value charges exceeding issuer's no-auth threshold
Off-session charges on cards that require on-session verification
Recommended recovery steps
Route the customer to an authentication flow. Off-session retries will keep failing until 3DS is completed.
Use Stripe's Payment Element or Checkout for built-in 3DS handling.
Mark recurring charges as Merchant-Initiated Transactions (MIT) with proper authorization flags to reduce 3DS requests over time.
Use network tokens for cards where available — they reduce authentication friction for subsequent charges.
Do not repeatedly retry off-session. The result will always be the same until the customer authenticates.
How FlyCode handles authentication_required
FlyCode automatically applies network tokens and proper MIT signaling to recurring subscription charges, reducing false positive 3DS requests from issuers. For charges that still require authentication, FlyCode routes customers to streamlined re-authentication flows at the optimal moment — maximizing completion rates while minimizing subscription disruption.
What does authentication_required mean?
The authentication_required decline code indicates that the issuing bank has requested additional cardholder verification via 3D Secure (3DS) before authorizing the transaction. The card and account are valid — the issuer just requires the cardholder to complete an authentication step such as a password, biometric, or one-time code.
Is it a soft or hard decline?
Stripe classifies it as a hard decline in the sense that the current transaction cannot be recovered through retry alone. However, the underlying card is fully functional — recovery requires customer interaction, not a retry of the same off-session charge.
Common root causes
Strong Customer Authentication (SCA) regulations in Europe requiring 3DS
Issuer risk models requesting step-up authentication on specific transactions
First-time or infrequent transactions on a card-on-file
High-value charges exceeding issuer's no-auth threshold
Off-session charges on cards that require on-session verification
Recommended recovery steps
Route the customer to an authentication flow. Off-session retries will keep failing until 3DS is completed.
Use Stripe's Payment Element or Checkout for built-in 3DS handling.
Mark recurring charges as Merchant-Initiated Transactions (MIT) with proper authorization flags to reduce 3DS requests over time.
Use network tokens for cards where available — they reduce authentication friction for subsequent charges.
Do not repeatedly retry off-session. The result will always be the same until the customer authenticates.
How FlyCode handles authentication_required
FlyCode automatically applies network tokens and proper MIT signaling to recurring subscription charges, reducing false positive 3DS requests from issuers. For charges that still require authentication, FlyCode routes customers to streamlined re-authentication flows at the optimal moment — maximizing completion rates while minimizing subscription disruption.
What does authentication_required mean?
The authentication_required decline code indicates that the issuing bank has requested additional cardholder verification via 3D Secure (3DS) before authorizing the transaction. The card and account are valid — the issuer just requires the cardholder to complete an authentication step such as a password, biometric, or one-time code.
Is it a soft or hard decline?
Stripe classifies it as a hard decline in the sense that the current transaction cannot be recovered through retry alone. However, the underlying card is fully functional — recovery requires customer interaction, not a retry of the same off-session charge.
Common root causes
Strong Customer Authentication (SCA) regulations in Europe requiring 3DS
Issuer risk models requesting step-up authentication on specific transactions
First-time or infrequent transactions on a card-on-file
High-value charges exceeding issuer's no-auth threshold
Off-session charges on cards that require on-session verification
Recommended recovery steps
Route the customer to an authentication flow. Off-session retries will keep failing until 3DS is completed.
Use Stripe's Payment Element or Checkout for built-in 3DS handling.
Mark recurring charges as Merchant-Initiated Transactions (MIT) with proper authorization flags to reduce 3DS requests over time.
Use network tokens for cards where available — they reduce authentication friction for subsequent charges.
Do not repeatedly retry off-session. The result will always be the same until the customer authenticates.
How FlyCode handles authentication_required
FlyCode automatically applies network tokens and proper MIT signaling to recurring subscription charges, reducing false positive 3DS requests from issuers. For charges that still require authentication, FlyCode routes customers to streamlined re-authentication flows at the optimal moment — maximizing completion rates while minimizing subscription disruption.
Understanding This Decline Code
Extended content body
Frequently Asked Questions
What does authentication_required mean?
Can I retry authentication_required silently?
No. Off-session retries will continue to fail until the customer completes authentication. You must route the customer through a 3D Secure flow to recover the charge.
How does FlyCode handle authentication_required?
FlyCode uses network tokens and cardholder-initiated transaction signals where possible to reduce authentication friction on recurring charges, and routes customers to seamless re-authentication flows when needed.
