Guide for saving cards in India

Recent Indian government regulations affecting card payments require the use of network tokenization to save the card information of India issued cards. You’ll need to update your existing Stripe integration following the steps outlined in this guide. If you don’t make these changes, you could see more payment failures once the new regulations take effect on June 30, 2022.

If you’re a Stripe user based in India, to ensure existing saved cards continue to work with network tokenization, and before saving a new card with Stripe, you must:

  1. collect cardholder consent, and

  2. perform 3D Secure (3DS) authentication.

Collect cardholder consent to save a new card

  1. Ensure that your checkout flow allows users to opt-in/opt-out of saving their card details. This allows Stripe to securely save the card information as a unique token in line with regulations.

  2. Be transparent with your customers on how you intend to use the saved card information as well as how they can delete their saved card details.

Perform 3D Secure authentication before saving the card

Cards must be authenticated via 3DS before they can be saved for future use. 3DS authentication made during a payment is sufficient to save the card information.

Integration changes for Stripe API users

Review the table below to see if there are any changes required to your Stripe integration.

If you’re currently using: Changes required for cardholder consent Changes required for 3DS authentication
Stripe hosted Checkout, Payment Links, or Invoices No changes required No changes required
Payment Intents API with setup_future_usage enabled to save payment details from a purchase Pass the setup_future_usage parameter, only if the customer consents to saving their card No changes required
Setup Intents API to save a customer’s card without an initial payment. Confirm the Setup Intent, only if the customer consents to saving their card No changes required
Attaching a PaymentMethod object to a Customer directly, or Creating a customer with a payment method Saving a card directly to a customer doesn’t trigger authentication via 3DS. This doesn’t meet the regulatory requirement and the API is likely to see failures in the future.

To attach a new PaymentMethod to a Customer for future payments, we recommend you use a SetupIntent or a PaymentIntent with setup_future_usage.

If you’re using this API to build a subscription, refer to the Build a subscription guide.
Saving a card created via the Sources or Tokens APIs These APIs are no longer recommended. To get the latest Stripe features and seamlessly stay compliant with ongoing regulations, migrate to the Payment Intents, Setup Intents, and Payment Methods APIs.

For further details, refer to our FAQs or reach out to support.