Error codes
Soft decline
Stripe
fraudulent
The payment was declined because Stripe suspects that it's fraudulent.
What does fraudulent mean?
The fraudulent decline code is returned by Stripe when Stripe Radar (Stripe's fraud prevention engine) has flagged a transaction as likely fraud based on risk signals. Unlike most decline codes, this originates from Stripe itself rather than from the issuing bank — Radar blocked the authorization before it even reached the network.
Stripe explicitly recommends not exposing this specific reason to the customer. Instead, merchants should display it in the same way as generic_decline to avoid alerting potential fraudsters or embarrassing legitimate customers flagged by false positives.
Is it a soft or hard decline?
Stripe classifies fraudulent as a soft decline, but the handling is different from other soft declines. Retrying the same transaction almost never succeeds — if Radar flagged it once, it will flag it again on the same signals. Recovery requires addressing the underlying risk signals, not retrying.
Common root causes
Device fingerprint matches known fraud patterns
IP address or geolocation inconsistent with the cardholder
Email address reputation scored as risky
Velocity patterns (multiple declines from the same card or device)
Stripe Radar rules configured too aggressively on legitimate subscription renewals
Card-on-file charges triggering fraud models designed for first-time transactions
Recommended recovery steps
Review your Radar rules. For subscription businesses, default Radar rules are often too aggressive on recurring renewals — especially for long-term customers.
Use network tokens instead of raw card numbers for recurring charges. Network tokens carry additional trust signals that reduce fraud false positives.
Whitelist recurring customers via Radar rules once their first charge succeeds.
Do not retry blindly. If Radar flagged the transaction, a retry will hit the same rules. Either update the risk signal (e.g., network token) or route to dunning.
Never display
fraudulentto the customer — always show a generic decline message instead.
How FlyCode handles fraudulent
FlyCode automatically provisions network tokens for all recurring subscription charges processed through its platform. Network tokens signal to Stripe Radar and issuing banks that the merchant-cardholder relationship is verified, significantly reducing false positive fraudulent declines on legitimate renewals.
For transactions that still get flagged, FlyCode's AI engine determines whether the decline is recoverable through retry with improved signals, or whether the customer should be routed directly to a re-authentication flow. This dramatically reduces involuntary churn caused by overly aggressive fraud detection on long-term subscribers.
What does fraudulent mean?
The fraudulent decline code is returned by Stripe when Stripe Radar (Stripe's fraud prevention engine) has flagged a transaction as likely fraud based on risk signals. Unlike most decline codes, this originates from Stripe itself rather than from the issuing bank — Radar blocked the authorization before it even reached the network.
Stripe explicitly recommends not exposing this specific reason to the customer. Instead, merchants should display it in the same way as generic_decline to avoid alerting potential fraudsters or embarrassing legitimate customers flagged by false positives.
Is it a soft or hard decline?
Stripe classifies fraudulent as a soft decline, but the handling is different from other soft declines. Retrying the same transaction almost never succeeds — if Radar flagged it once, it will flag it again on the same signals. Recovery requires addressing the underlying risk signals, not retrying.
Common root causes
Device fingerprint matches known fraud patterns
IP address or geolocation inconsistent with the cardholder
Email address reputation scored as risky
Velocity patterns (multiple declines from the same card or device)
Stripe Radar rules configured too aggressively on legitimate subscription renewals
Card-on-file charges triggering fraud models designed for first-time transactions
Recommended recovery steps
Review your Radar rules. For subscription businesses, default Radar rules are often too aggressive on recurring renewals — especially for long-term customers.
Use network tokens instead of raw card numbers for recurring charges. Network tokens carry additional trust signals that reduce fraud false positives.
Whitelist recurring customers via Radar rules once their first charge succeeds.
Do not retry blindly. If Radar flagged the transaction, a retry will hit the same rules. Either update the risk signal (e.g., network token) or route to dunning.
Never display
fraudulentto the customer — always show a generic decline message instead.
How FlyCode handles fraudulent
FlyCode automatically provisions network tokens for all recurring subscription charges processed through its platform. Network tokens signal to Stripe Radar and issuing banks that the merchant-cardholder relationship is verified, significantly reducing false positive fraudulent declines on legitimate renewals.
For transactions that still get flagged, FlyCode's AI engine determines whether the decline is recoverable through retry with improved signals, or whether the customer should be routed directly to a re-authentication flow. This dramatically reduces involuntary churn caused by overly aggressive fraud detection on long-term subscribers.
What does fraudulent mean?
The fraudulent decline code is returned by Stripe when Stripe Radar (Stripe's fraud prevention engine) has flagged a transaction as likely fraud based on risk signals. Unlike most decline codes, this originates from Stripe itself rather than from the issuing bank — Radar blocked the authorization before it even reached the network.
Stripe explicitly recommends not exposing this specific reason to the customer. Instead, merchants should display it in the same way as generic_decline to avoid alerting potential fraudsters or embarrassing legitimate customers flagged by false positives.
Is it a soft or hard decline?
Stripe classifies fraudulent as a soft decline, but the handling is different from other soft declines. Retrying the same transaction almost never succeeds — if Radar flagged it once, it will flag it again on the same signals. Recovery requires addressing the underlying risk signals, not retrying.
Common root causes
Device fingerprint matches known fraud patterns
IP address or geolocation inconsistent with the cardholder
Email address reputation scored as risky
Velocity patterns (multiple declines from the same card or device)
Stripe Radar rules configured too aggressively on legitimate subscription renewals
Card-on-file charges triggering fraud models designed for first-time transactions
Recommended recovery steps
Review your Radar rules. For subscription businesses, default Radar rules are often too aggressive on recurring renewals — especially for long-term customers.
Use network tokens instead of raw card numbers for recurring charges. Network tokens carry additional trust signals that reduce fraud false positives.
Whitelist recurring customers via Radar rules once their first charge succeeds.
Do not retry blindly. If Radar flagged the transaction, a retry will hit the same rules. Either update the risk signal (e.g., network token) or route to dunning.
Never display
fraudulentto the customer — always show a generic decline message instead.
How FlyCode handles fraudulent
FlyCode automatically provisions network tokens for all recurring subscription charges processed through its platform. Network tokens signal to Stripe Radar and issuing banks that the merchant-cardholder relationship is verified, significantly reducing false positive fraudulent declines on legitimate renewals.
For transactions that still get flagged, FlyCode's AI engine determines whether the decline is recoverable through retry with improved signals, or whether the customer should be routed directly to a re-authentication flow. This dramatically reduces involuntary churn caused by overly aggressive fraud detection on long-term subscribers.
Understanding This Decline Code
Extended content body
Frequently Asked Questions
What does fraudulent mean on Stripe?
Should I tell the customer their payment was flagged as fraud?
Generally no. Retrying the same transaction without changing any signals will just trigger the same Radar rules. Instead, fix the underlying signal quality (network tokens, whitelisted recurring customers) or route to dunning.
Should I retry a fraudulent decline?
No — fraudulent declines should not be retried. Tune your Stripe Radar rules to reduce false positives on legitimate subscription renewals, and use network tokens to improve authorization signal quality.
