Stripe 3DS Authentication Abandoned by Customer
Root cause
The Stripe PaymentIntent for a subscription renewal entered requires_action state (3DS required), the customer was sent the authentication URL, but they did not complete the authentication before the URL expired — typically 24–72 hours depending on the issuer.
Symptoms
- • Stripe PaymentIntent shows status: canceled after transitioning through requires_action
- • The subscription renewal email with the 3DS link was opened but authentication was not completed
- • Recharge shows the subscription charge as FAILED after the PaymentIntent expiry
- • The customer's subscription remains technically active but the billing cycle was missed
How to fix it
Detect abandoned 3DS authentications proactively
Monitor for Stripe PaymentIntents in requires_action state that are older than 24 hours. Set up a daily job that queries Stripe for open requires_action PaymentIntents: GET /v1/payment_intents with status=requires_action. For each found, check when it was created — if older than 24 hours without the customer completing authentication, send a follow-up reminder email immediately.
Create a new billing attempt after the original PaymentIntent expires
Once the original PaymentIntent expires (moves to canceled), create a new subscriptionBillingAttemptCreate via Shopify or a new Stripe PaymentIntent via Recharge for the missed billing cycle. The new attempt will again trigger requires_action if the card requires 3DS. Send the new authentication URL immediately — do not wait for the customer to notice the failed payment.
Reduce future abandonment with better email timing and content
3DS authentication emails are frequently abandoned because customers do not recognize them as legitimate. Improve your authentication email: use a subject line that names your brand and the subscription ('Your [Brand] subscription needs verification — action required'), send it within minutes of the billing failure (not the next day), and include a clear deadline. Send a second email 12 hours before the URL expires as a final reminder.
Frequently asked questions
How long does a Stripe 3DS authentication URL remain valid?
The authentication URL validity depends on the card issuer — typically 24 to 72 hours. After the URL expires, the Stripe PaymentIntent transitions to canceled. You cannot extend the expiry — once canceled, create a new PaymentIntent or billing attempt to get a fresh authentication URL. Send the authentication email within minutes of the billing failure to maximize the window available to the customer.
Is there a way to bypass 3DS for subscription renewals?
Partially. The Merchant-Initiated Transaction (MIT) exemption allows off-session subscription renewals without 3DS if the card was properly set up with a SetupIntent that completed 3DS authentication. If the original subscription setup included a SetupIntent with usage: off_session and the customer completed 3DS during setup, future renewals typically receive the MIT exemption and bypass 3DS entirely.
Detect this error automatically
Free cross-stack scan finds all billing errors in 60 seconds.
Run Free Scan →