Authentication required — The charge needs 3D Secure authentication and didn't complete it.
European cardholders subject to PSD2 SCA. Off-session retries fail without customer auth.
| Retry strategy | Don't retry |
|---|---|
| Customer-facing action | Send a card-update flow |
| Recovery rate (retry only) | ~5% |
| Recovery rate (with customer flow) | ~75% |
Send the customer back to a Stripe Customer Portal session that triggers SCA. Off-session retries are a dead end here.
The recommended Stripe Customer Portal session for the recovery flow:
session = stripe.billing_portal.Session.create(
customer=customer_id,
return_url="https://yourapp.com/billing/thanks",
flow_data={"type": "payment_method_update"},
)
update_link = session.urlauthentication_required is one of dozens of decline codes Stripe returns; recovery rates vary by code by 5x or more. The recovery-rate reference covers the full set; the card-update flow article covers the customer-facing side; dunning emails covers how to write the messages.
DunningKit's open-source CLI parses your Stripe failed-charges CSV and gives you the breakdown by code, with recoverable-revenue estimates. pip install dunningkit.