# Saving payment methods for subscriptions after Strong Customer Authentication (SCA) regulations take effect

### Saving Card Details First Without An initial Payment
If you want to save a customer's card without charging them for their subscription right away, use Stripe's [Setup Intents API](https://stripe.com/docs/api/setup_intents) to [create a SetupIntent](https://stripe.com/docs/payments/cards/saving-cards#saving-card-without-payment) to capture their card details. This `SetupIntent` will optimize the authentication flow when you charge your customer for the first time (using the [Payment Intents API](https://stripe.com/docs/payments/payment-intents)), as well as the recurring payment process.
### Saving Card Details Along with the First Payment
If you want to save card details at the same time as the first charge, [create a PaymentIntent](https://stripe.com/docs/payments/cards/saving-cards#saving-card-after-payment) to charge and capture the card details for future use. Use the [setup_future_usage](https://stripe.com/docs/api/payment_intents/object#payment_intent_object-setup_future_usage) parameter to indicate how you expect future charges to occur:
* _on-session_ means that the customer will actively be on your site or app for future payments.
  * Their first payment is considered _on-session_, as the first payment must be authenticated by the customer using [3D Secure authentication](https://stripe.com/docs/payments/3d-secure).
* _off-session_ means that future charges will take place automatically, regardless of whether or not the customer is on your site or app.
When the PaymentIntent is created and you charge your customer, they will be taken through a verification flow to authenticate unless [frictionless flow](/questions/frictionless-flow-for-charges-created-using-3d-secure-2-3ds2) is applied (only available for [3D Secure 2](https://stripe.com/en-at/guides/3d-secure-2)).
### Recurring Payments
If you first created a `SetupIntent`, or if you created a `PaymentIntent` with the `setup_future_usage` parameter set to `off_session` for their first charge, the next charge will automatically request a [Merchant-Initiated-Transaction exemption](/questions/strong-customer-authentication-sca-exemptions-for-recurring-charges-with-stripe-billing) from the card issuer which would allow the charge to succeed without authentication.
The exemption is allowed at the discretion of the card-issuing bank. If the issuer rejects the exemption request, the customer will need to be brought back to your website or app to authenticate the purchase _on-session_. This can be done by:
* Setting up [automatic 3D Secure authentication emails](https://dashboard.stripe.com/account/billing/automatic) in your Billing settings,
* Using Stripe's [hosted invoices](https://stripe.com/docs/billing/invoices/hosted) to email your customer with a customized email that takes them to a hosted authentication URL, or
* [Manually redirect them](https://stripe.com/docs/billing/migration/strong-customer-authentication#scenario-3) to the authentication URL from within your website or app flow.
## Additional Information
* [Exemptions](https://stripe.com/en-be/guides/strong-customer-authentication#exemptions-to-strong-customer-authentication) are allowed only at the discretion of the customer's bank, so we recommend setting your checkout flow for _off-session_ payments in the event the exemption request is not accepted.