Save a card without bank authentication
Collect card details and charge your customer at a later time.
Stripe allows you to collect card details and charge your customer at a later time. In some regions, banks require a second form of authentication such as entering a code sent to a phone. The extra step decreases conversion if your customer isn’t actively using your website or application because they aren’t available to authenticate the purchase.
If you primarily do business in the US and Canada, banks don’t require authentication, so you can follow this simpler integration. This integration will be non-compliant in countries that require authentication for saving cards (for example, India) so building this integration means that expanding to other countries or adding other payment methods will require significant changes. Learn how to save cards that require authentication.
Compliance
You’re responsible for your compliance with all applicable laws, regulations, and network rules when saving a customer’s payment details. For instance, if you want to save their payment method for future use, such as charging them when they’re not actively using your website or app. Add terms to your website or app that state how you plan to save payment method details and allow customers to opt in. If you want to charge them when they’re offline, make sure your terms include the following:
- The customer’s agreement to your initiating a payment or a series of payments on their behalf for specified transactions.
- The anticipated timing and frequency of payments (for example, if the charges are for scheduled instalments, subscription payments, or unscheduled top-ups).
- How you determine the payment amount.
- Your cancellation policy, if the payment method is for a subscription service.
Make sure you keep a record of your customer’s written agreement to these terms.
Collect card detailsClient-side
Before starting this guide, you need a Stripe account. Register now.
Build a checkout page to collect your customer’s card details. Use Stripe Elements, a UI library that helps you build custom payment forms. To get started with Elements, include the Stripe.js library with the following script on your checkout page.
<script src="https://js.stripe.com/v3/"></script>
Always load Stripe.js directly from js.stripe.com to remain PCI compliant. Don’t include the script in a bundle or host a copy of it yourself.
To best leverage Stripe’s advanced fraud functionality, include this script on every page on your site, not just the checkout page. Including the script on every page allows Stripe to detect suspicious behaviour that might indicate fraud when users browse your website.
Add Elements to your page
To securely collect card details from your customers, Elements creates UI components for you hosted by Stripe. They’re then placed into your payment form, rather than you creating them directly. To determine where to insert these components, create empty DOM elements (containers) with unique IDs within your payment form.
<input id="cardholder-name" type="text"> <!-- placeholder for Elements --> <div id="card-element"></div> <div id="card-result"></div> <button id="card-button">Save Card</button>
Next, create an instance of the Stripe object, providing your publishable API key as the first parameter. After, create an instance of the Elements object and use it to mount a card
element in the DOM.
The card
Element simplifies the payment form and minimizes the number of required fields by inserting a single, flexible input field that securely collects all necessary card details.
Otherwise, combine cardNumber
, cardExpiry
, and cardCvc
Elements for a flexible, multi-input card form.
Note
Always collect a postal code to increase card acceptance rates and reduce fraud.
The single line Card Element automatically collects and sends the customer’s postal code to Stripe. If you build your payment form with split Elements (Card Number, Expiry, CVC), add a separate input field for the customer’s postal code.
const stripe = Stripe(
); const elements = stripe.elements(); const cardElement = elements.create('card'); cardElement.mount('#card-element');'pk_test_TYooMQauvdEDq54NiTphI7jx'
A Stripe Element contains an iframe that securely sends the payment information to Stripe over an HTTPS connection. The checkout page address must also start with https://
rather than http://
for your integration to work.
You can test your integration without using HTTPS. Enable it when you’re ready to accept live payments.
const cardholderName = document.getElementById('cardholder-name'); const cardButton = document.getElementById('card-button'); const resultContainer = document.getElementById('card-result'); cardButton.addEventListener('click', async (ev) => { const {paymentMethod, error} = await stripe.createPaymentMethod({ type: 'card', card: cardElement, billing_details: { name: cardholderName.value, }, } ); if (error) { // Display error.message in your UI. resultContainer.textContent = error.message; } else { // You have successfully created a new PaymentMethod resultContainer.textContent = "Created payment method: " + paymentMethod.id; } });
Send the resulting PaymentMethod ID to your server.
Set up StripeServer-side
Use our official libraries for access to the Stripe API from your application:
Save the cardServer-side
Save the card by attaching the PaymentMethod to a Customer. You can use the Customer object to store other information about your customer, such as shipping details and email address.
If you have an existing Customer, you can attach the PaymentMethod to that object instead.
At this point, associate the Customer ID and the PaymentMethod ID with your own internal representation of a customer, if you have one.
Charge the saved cardServer-side
When you’re ready, fetch the PaymentMethod and Customer IDs to charge. You can do this by either storing the IDs of both in your database, or by using the Customer ID to look up all the Customer’s available PaymentMethods.
Use the PaymentMethod ID and the Customer ID to create a new PaymentIntent. Set error_on_requires_action to true to decline payments that require any actions from your customer, such as two-factor authentication.
When a payment attempt fails, the request also fails with a 402 HTTP status code and Stripe throws an error. You need to notify your customer to return to your application (for example, by sending an email) to complete the payment. Check the code of the Error raised by the Stripe API library or check the last_payment_error.decline_code on the PaymentIntent to inspect why the card issuer declined the payment.
Handle any card errors
Notify your customer that the payment failed and direct them to the payment form you made in Step 1 where they can enter new card details. Send that new PaymentMethod ID to your server to attach to the Customer object and make the payment again.
Alternatively, you can create a PaymentIntent and save a card all in one API call if you have already created a Customer.
Setting setup_future_usage to on_
indicates to Stripe that you wish to save the card for later, without triggering unnecessary authentication.
Test the integration
Stripe provides test cards you can use in test mode to simulate different cards’ behaviour. Use these cards with any CVC, postal code, and expiry date in the future.
Number | Description |
---|---|
Succeeds and immediately processes the payment. | |
Always fails with a decline code of insufficient_ . | |
Requires authentication, which in this integration will decline with a code of authentication_ . |
Upgrade your integration to handle card authentication
This integration declines cards that require authentication during payment. If you start seeing many payments in the Dashboard listed as Failed
, then it’s time to upgrade your integration. Stripe’s global integration handles these payments instead of automatically declining.