3D Secure for Subscription Merchants: Handling Recurring Authentication

3D Secure creates unique challenges for subscription merchants. Unlike one-off purchases, subscriptions involve an initial transaction (where authentication makes sense) followed by a series of recurring charges (where requiring re-authentication each cycle would cause catastrophic churn). Understanding how 3DS and SCA handle recurring payments is essential for any merchant on a subscription billing model.

The First Transaction: Full Authentication Required

When a subscriber first signs up and enters their card, this transaction must be fully SCA-authenticated in markets where SCA applies. This is the moment to capture explicit consent for future recurring charges — both for SCA compliance and for the stored credential agreement required by card networks. The 3DS authentication at signup establishes the “initial transaction” that unlocks MIT exemptions for future charges.

Subsequent Charges: Merchant-Initiated Transactions (MIT)

After the initial authenticated transaction, subscription renewal charges are classified as Merchant-Initiated Transactions (MIT) — charges initiated by the merchant based on a prior agreement, without the customer actively present. MIT exemptions allow these charges to bypass SCA requirements, provided:

• The initial transaction was SCA-authenticated
• Stored credential consent was properly captured at signup
• The MIT flag is correctly set in the authorization request
• The charge matches the terms agreed at signup (same amount or stated variable amount)

SCA Compliance for Subscription Sign-Ups

To ensure your subscription sign-up qualifies for MIT exemptions on future charges, the initial transaction must include proper stored credential language in the terms the customer agrees to, and the payment processor must flag the transaction with the appropriate card network credential-on-file indicators. ConvesioPay and WooCommerce Subscriptions handle this automatically when properly configured.

What Happens When a Subscription Payment Fails

Failed subscription payments — due to expired cards, declined authorization, or insufficient funds — require careful handling. If a merchant retries a failed payment by contacting the customer to update their card, the new payment should be treated as a fresh transaction and may require SCA re-authentication depending on the method used. ConvesioPay’s smart retry logic handles failed payment sequencing within card network guidelines.

ConvesioPay for Subscription Merchants

ConvesioPay integrates deeply with WooCommerce Subscriptions to handle the full subscription payment lifecycle — initial SCA-authenticated sign-up, MIT-flagged renewals, failed payment retries, and card account updates. Network tokenization automatically updates stored credentials when cards are reissued. Merchants pay 2.9% + $0.30 per transaction with no monthly fees, including all recurring billing functionality.