Stripe stolen_card — recovery guide

stolen_card means the customer reported their card stolen to their issuing bank, and the bank has blocked it. Any further charge attempt will be refused permanently. The customer will receive (or has already received) a replacement card with a new number.

Importantly: stolen_card means the legitimate cardholder reported the theft. If a fraudster had access to the card to use on your service, the bank wouldn't know to flag it. The person behind the account is almost certainly the real customer.

Customers dealing with a stolen card are usually juggling:

• Calling the bank, filing a report
• Reviewing every charge for fraud
• Waiting on a new card in the mail (3–10 days)
• Updating every subscription service they use

A firm "YOUR PAYMENT FAILED, UPDATE NOW" email lands badly. A gentle "no rush, here's the link for when you're ready" email is strictly better — customers who feel respected recover at higher rates than customers who feel pressured.

1. +1h: gentle email, acknowledge the situation, Billing Portal link.
2. Disable auto-retry — never retry a stolen_card.
3. +72h: second email (longer gap than other codes, they need time).
4. +7d: SMS — only if no response yet.
5. +10d: final email + subscription pause.

The 72-hour gap (vs 24–48h for most codes) matches the typical replacement-card delivery window.

Hi [name], the card we had on file for [product] was reported stolen, so we won't be able to charge it again. Sorry you've had to deal with that — no rush on your end. When your replacement card arrives, it takes 20 seconds to update:

[Add new card →]

We'll keep your account active for the next 10 days while you sort it out.