SCA readiness
SCA grandfathering

SCA grandfathering

Learn which types of payments are eligible for grandfathering.

If you’re affected by SCA, update your Stripe integration now, regardless of grandfathering eligibility. Grandfathering only applies to a small subset of payments scenarios. Stripe provides migration guides to help.

Grandfathering eligibility

Strong Customer Authentication (SCA) requires an additional step of customer authentication, but sometimes you collect payments when your customer isn’t actively using your application. Even if they authenticated in the past, SCA may require your customer to come back online and re-authenticate. To reduce friction in these off-session payments, Stripe APIs enable upfront authentication—so you can authenticate your customer on-session once and reuse the card off-session repeatedly. As of September 14, 2019, you need to use these APIs to reduce the chance of failed payments when reusing cards or creating subscriptions and invoices.

However, off-session payments that meet the following criteria are eligible for SCA grandfathering:

  • Cards from EU customers saved before December 31, 2020
  • Cards from UK customers saved before September 14, 2021

Grandfathering means you don’t have to use Stripe’s new APIs to set up saved cards again, and your off-session payments can proceed normally—without re-authentication from customers.

How SCA grandfathering works

All off-session payments that meet both of these conditions are eligible for grandfathering, regardless of payment amount and frequency:

Stripe automatically looks for a transaction made with the card prior to the grandfathering eligibility cutoff. If found, Stripe uses the previous authorization agreement to grandfather the current transaction. If the bank accepts Stripe’s grandfathering claim, the transaction is categorized as out of scope for SCA and can proceed without additional authentication.

If the bank declines Stripe’s grandfathering claim, it’s like any other PaymentIntent failing the confirmation step. The PaymentIntent’s status changes to requires_payment_method, and you have to notify your customer to complete the payment.

Saving cards after the grandfathering eligibility period

Now that SCA has taken effect, save and reuse cards with the Payment Intents and Setup Intents APIs to qualify for off-session exemptions. You can also save cards using Stripe Checkout.

Preparing your saved cards for SCA

The following off-session payments are eligible for grandfathering. Regardless of how you saved the card, use PaymentIntents and tell Stripe the payment is off-session.

How you saved the card before the grandfathering eligibility cutoffWhat to do after the grandfathering eligibility period
By passing a token, source, or payment method to the CustomerCreate a PaymentIntent with off-session flag
By creating a SetupIntent or using setup_future_usage in a PaymentIntentCreate a PaymentIntent with off-session flag

To grandfather subscriptions and invoices managed with Stripe Billing, refer to the Billing SCA guide.

Next steps