Stripe stolen_card: What It Means and How to Handle It
stolen_card is a hard decline that requires careful handling. Retrying risks network penalties. Emailing requires verifying the account belongs to the legitimate cardholder.
Contents
stolen_card means the card on file has been reported stolen by the cardholder. The issuing bank has blocked the card permanently. This is a hard decline that requires more careful handling than most other failure codes.
What does stolen_card mean?
stolen_card means the cardholder reported their card as stolen and the issuing bank has blocked it from further use. No charge against this card will succeed.
Unlike lost cards, stolen cards carry an additional consideration: someone other than your customer may have had access to the card. That changes how you should approach the recovery email.
Why stolen_card requires careful handling
Retrying is the obvious mistake to avoid. Repeated charges against a stolen card flag the merchant to card networks and create potential compliance exposure.
The subtler risk is in the recovery email. Before emailing the account associated with the stolen card, confirm that the email address in your system belongs to the legitimate cardholder, not a fraudster who set up the subscription using a stolen card.
Check for fraud signals before sending recovery communications: recent account creation, subscription started shortly before the decline, unusual usage patterns, or other cards on the account that were also declined. These are the same signals that point to friendly fraud rather than a legitimate customer. If the account looks suspicious, flag it for manual review before reaching out.
How to handle stolen_card
Step 1: Stop all retries. Do not retry. The card is blocked and repeated attempts create network penalty risk.
Step 2: Flag the account for review. Before sending any email, review the account for fraud indicators. A stolen card used to pay for a subscription is a signal worth investigating.
Step 3: If the account looks legitimate, email promptly.
Most stolen_card declines on established subscription accounts are exactly what they appear to be: a customer had their card stolen and has not yet updated their payment details. Email them with empathy, acknowledge the payment did not go through, and link directly to your payment update page.
Step 4: Follow up at day 7 and day 14. Customers dealing with a stolen card have a lot to manage. A gentle follow-up gives them a second chance to update their details once things settle.
What Recova does with stolen_card
Recova classifies stolen_card as a hard decline, suppresses all retries, and routes it to an email sequence starting on day 1. For accounts flagged with fraud signals, the sequence holds for manual review before sending. For clean accounts, the email goes out immediately.
- What does stolen_card mean on Stripe?
- The cardholder reported their card stolen and the issuing bank has blocked all further charges. This is a permanent hard decline.
- Should I retry a stolen_card decline?
- No. Retrying will not succeed and repeated attempts against a reported-stolen card can trigger card network compliance reviews.
- Is it safe to email a customer after a stolen_card decline?
- Usually yes, but check the account for fraud signals first. Most stolen_card declines on established accounts are legitimate customers who had their card stolen. New accounts or accounts with other suspicious signals should be reviewed manually before contacting.
- How is stolen_card different from lost_card?
- Both are hard declines handled the same way at the payment level: no retries, immediate email. stolen_card warrants an extra fraud review step before contacting the account, since the card may have been used without the legitimate cardholder's knowledge.
- What fraud signals should I look for on a stolen_card account?
- Recent account creation, subscription started shortly before the decline, multiple declined cards on the account, and unusual usage patterns are the primary signals worth checking before sending recovery emails.
