The new Payment Intents and Setup Intents APIs allow you to save card details to reuse later in accordance with regulations. Stripe handles the logic around managing exemptions and only prompts the customer for authentication when necessary.
There are two parts to building a payment flow that reuses cards:
Charging a saved card
You can use a saved card to later charge on-sessionA payment is described as on-session if it occurs while the customer is actively in your checkout flow and able to authenticate the payment method. when the customer is in your checkout flow or off-sessionA payment is described as off-session if it occurs without the direct involvement of the customer, using previously-collected payment information. when they are not in your checkout flow.
Saving cards after a payment
The Payment Intents API allows you to save cards after charging customers. This flow is great for businesses that subscribe customers to a monthly subscription or allow saving cards for future purchases:
- A gym membership that charges a member once a month
- An e-commerce store that lets a customer save their card after making an order
- A store uses Terminal to accept in-store payments, and saves the customer’s card details for later online purchases
Saving cards without making an initial payment
Use the Setup Intents API to authenticate a customer’s card without making an initial payment. This flow works best for businesses that want to onboard customers without charging them right away:
- A car rental company that collects card details before the customer rents the car and charges the card after the rental period ends
- A crowdfunding website that collects card details to be charged later if the campaign reaches a certain amount
- A utility company that charges a different amount each month based on usage and wants to collect card details before the first month’s payment
Getting permission to save a card
Once you set up your payment flow to properly save a card with the Payment Intents or Setup Intents API, Stripe will mark any subsequent off-session payment as a merchant-initiated transactionA payment made off-session with a properly authenticated saved card, can qualify as merchant-initiated transaction and be exempt from SCA. (MIT) to reduce the need to authenticate. Merchant-initiated transactions require an agreement (also known as a “mandate”) between you and your customer. Add terms to your website or application on how you plan to process payments that your customer can opt into.
At a minimum, ensure that your terms cover the following:
- The customer’s permission to you initiating a payment or a series of payments on their behalf
- The anticipated frequency of payments (i.e., one-time or recurring)
- How the payment amount will be determined
Add text in your checkout flow that references the terms of the payment, for example:
Charging a saved card on-session
The Payment Intents API enables you to charge a saved card on-session, while the customer is interacting with your application. Examples relate to a faster, easier payment experience for existing customers:
- Using a returning customer’s saved card for one-click checkout
- Upgrading an existing customer’s subscription plan to a more expensive tier
Charging a saved card off-session
You can also use the Payment Intents API to process payments when your customer is off-session, or not currently interacting with your application. Common off-session payment scenarios relate to deferred, tacked on, or recurring payments:
- Collecting surcharges after fulfilling service previously (e.g., incidental charges collected by hotels)
- Charging a card once a month for a subscription
Was this page helpful?