Error codes

Hard decline

Stripe

stolen_card

The payment was declined because the card is reported stolen.

What does stolen_card mean?

The stolen_card decline code is returned when the cardholder has reported the card stolen to their issuing bank. The specific card number is permanently blocked and cannot be used for any future transactions, regardless of merchant or amount.

Like lost_card, this decline requires careful handling for security reasons. The card may be in the possession of a fraudster attempting to use stored credentials on file with your merchant account. Stripe explicitly recommends displaying a generic decline message to the customer rather than revealing that the card has been reported stolen.

Is it a soft or hard decline?

stolen_card is a hard decline. The card number is permanently blocked by the issuer and no retry on the same credentials will succeed. Recovery requires new card details, typically via the replacement card that the issuer has already sent to the legitimate cardholder.

Common root causes

  • The cardholder's wallet or card was stolen

  • The card was skimmed and the fraud was detected by the issuer or cardholder

  • The card was reported stolen after suspicious activity

  • The cardholder proactively reported the card after losing it, unsure if it was lost or stolen

Recommended recovery steps

  1. Never retry on the same card. Blocked cards cannot be recovered through retry logic.

  2. Never disclose stolen_card to the customer. For security and to avoid alerting potential fraudsters, show a generic decline message instead.

  3. Check account updater services. Visa Account Updater (VAU) and Mastercard Automatic Billing Updater (ABU) will return the new card number once the replacement card is activated.

  4. Use backup payment methods on file if available.

  5. For outreach, use generic language. Ask the customer to update payment details without referencing fraud or theft.

How FlyCode handles stolen_card

FlyCode automatically checks account updater services (VAU and ABU) for every stolen_card decline. If the cardholder has already activated a replacement card, FlyCode refreshes the stored credentials silently and processes the charge — in many cases, the customer never sees a failed payment.

For cards where no replacement has been activated yet, FlyCode routes the customer to a secure payment update flow that does not disclose the reason for the decline. This protects both the customer (from having their security event exposed) and the merchant (from potential fraud dispute patterns).

What does stolen_card mean?

The stolen_card decline code is returned when the cardholder has reported the card stolen to their issuing bank. The specific card number is permanently blocked and cannot be used for any future transactions, regardless of merchant or amount.

Like lost_card, this decline requires careful handling for security reasons. The card may be in the possession of a fraudster attempting to use stored credentials on file with your merchant account. Stripe explicitly recommends displaying a generic decline message to the customer rather than revealing that the card has been reported stolen.

Is it a soft or hard decline?

stolen_card is a hard decline. The card number is permanently blocked by the issuer and no retry on the same credentials will succeed. Recovery requires new card details, typically via the replacement card that the issuer has already sent to the legitimate cardholder.

Common root causes

  • The cardholder's wallet or card was stolen

  • The card was skimmed and the fraud was detected by the issuer or cardholder

  • The card was reported stolen after suspicious activity

  • The cardholder proactively reported the card after losing it, unsure if it was lost or stolen

Recommended recovery steps

  1. Never retry on the same card. Blocked cards cannot be recovered through retry logic.

  2. Never disclose stolen_card to the customer. For security and to avoid alerting potential fraudsters, show a generic decline message instead.

  3. Check account updater services. Visa Account Updater (VAU) and Mastercard Automatic Billing Updater (ABU) will return the new card number once the replacement card is activated.

  4. Use backup payment methods on file if available.

  5. For outreach, use generic language. Ask the customer to update payment details without referencing fraud or theft.

How FlyCode handles stolen_card

FlyCode automatically checks account updater services (VAU and ABU) for every stolen_card decline. If the cardholder has already activated a replacement card, FlyCode refreshes the stored credentials silently and processes the charge — in many cases, the customer never sees a failed payment.

For cards where no replacement has been activated yet, FlyCode routes the customer to a secure payment update flow that does not disclose the reason for the decline. This protects both the customer (from having their security event exposed) and the merchant (from potential fraud dispute patterns).

What does stolen_card mean?

The stolen_card decline code is returned when the cardholder has reported the card stolen to their issuing bank. The specific card number is permanently blocked and cannot be used for any future transactions, regardless of merchant or amount.

Like lost_card, this decline requires careful handling for security reasons. The card may be in the possession of a fraudster attempting to use stored credentials on file with your merchant account. Stripe explicitly recommends displaying a generic decline message to the customer rather than revealing that the card has been reported stolen.

Is it a soft or hard decline?

stolen_card is a hard decline. The card number is permanently blocked by the issuer and no retry on the same credentials will succeed. Recovery requires new card details, typically via the replacement card that the issuer has already sent to the legitimate cardholder.

Common root causes

  • The cardholder's wallet or card was stolen

  • The card was skimmed and the fraud was detected by the issuer or cardholder

  • The card was reported stolen after suspicious activity

  • The cardholder proactively reported the card after losing it, unsure if it was lost or stolen

Recommended recovery steps

  1. Never retry on the same card. Blocked cards cannot be recovered through retry logic.

  2. Never disclose stolen_card to the customer. For security and to avoid alerting potential fraudsters, show a generic decline message instead.

  3. Check account updater services. Visa Account Updater (VAU) and Mastercard Automatic Billing Updater (ABU) will return the new card number once the replacement card is activated.

  4. Use backup payment methods on file if available.

  5. For outreach, use generic language. Ask the customer to update payment details without referencing fraud or theft.

How FlyCode handles stolen_card

FlyCode automatically checks account updater services (VAU and ABU) for every stolen_card decline. If the cardholder has already activated a replacement card, FlyCode refreshes the stored credentials silently and processes the charge — in many cases, the customer never sees a failed payment.

For cards where no replacement has been activated yet, FlyCode routes the customer to a secure payment update flow that does not disclose the reason for the decline. This protects both the customer (from having their security event exposed) and the merchant (from potential fraud dispute patterns).

Understanding This Decline Code

Extended content body

Frequently Asked Questions

Is stolen_card a soft or hard decline?

Should I retry a stolen_card decline?

Hard decline. The card has been permanently blocked by the issuer and retrying will never succeed. Recovery requires new card credentials via account updater services or customer action.

How does FlyCode recover stolen_card declines?

FlyCode uses account updater services to detect replacement card credentials automatically. For stolen_card declines, this recovers many customers silently once they activate a new card — without the merchant ever needing to mention the decline reason.

FlyCode partnered with Stripe, to turn failed payment intro revenue.

With our newest Stripe app, you can stop chasing your customers about their failed payments and recover more payments with zero development work.

With our newest Stripe app, you can stop chasing your customers about their failed payments and recover more payments with zero development work.

Continue with Stripe

OR

Sign up now
Visa Everything Award 2024
Logo for Stripe with the text "Find it on the Stripe App Marketplace" on a dark background.

ROI Calculator

Integrations

Stripe

Shopify

Connections

Policy

Terms of use

Terms of service

Privacy

Security

Resources

Manifesto

Payment Audit

Customers

Documentation

Socials

Twitter

Linkedin

Blog

Giving Back

Partnering with organizations that promote women in technology and families in need is something we are proud to do.

Text graphic displaying "SPE CODES; NEXT LEVEL" in a bold, stylized font on a solid background.
Logo featuring a stylized text "Catching" with an orange accent, set against a simple background.

2026 FlyCode © All Right Reserved.

Visa Everything Award 2024
Logo for Stripe with the text "Find it on the Stripe App Marketplace" on a dark background.

ROI Calculator

Integrations

Stripe

Shopify

Connections

Policy

Terms of use

Terms of service

Privacy

Security

Resources

Manifesto

Payment Audit

Customers

Documentation

Socials

Twitter

Linkedin

Blog

Giving Back

Partnering with organizations that promote women in technology and families in need is something we are proud to do.

Text graphic displaying "SPE CODES; NEXT LEVEL" in a bold, stylized font on a solid background.
Logo featuring a stylized text "Catching" with an orange accent, set against a simple background.

2026 FlyCode © All Right Reserved.