Stripe Decline Code · Glossary
incorrect_cvc fires when the 3 or 4-digit security code (CVV/CVC) entered by the customer doesn't match what the card issuer has on file — causing the bank to reject the transaction as a security violation.
What It Means
What It Means
incorrect_cvc fires when the 3 or 4-digit security code (CVV/CVC) entered by the customer doesn't match what the card issuer has on file — causing the bank to reject the transaction as a security violation. It is a card-data error, not a funds error — meaning the customer's card may be perfectly valid and fully funded, but the payment will keep failing until the correct CVC is entered or a new payment method is submitted.
Not sure if this code is recoverable for your specific situation? Use the Stripe Failure Lookup →
Why It Happens
Why It Happens
What NOT to Do
What NOT to Do
✕ Don't retry without prompting the customer to re-enter their CVC
incorrect_cvc is almost always a data entry problem — retrying the exact same stored card details will produce the exact same failure every single time. Every blind retry is guaranteed to fail until the underlying CVC mismatch is corrected.
✕ Don't immediately assume fraud and hard-block the customer
While a wrong CVC can be a fraud signal, the majority of incorrect_cvc failures on subscription billing come from genuine customers with reissued cards or simple typos — not fraud attempts. Immediately blocking or cancelling their account without a correction opportunity destroys good customer relationships unnecessarily.
✕ Don't only update the CVC field — prompt a full card details review
Because some issuers conflate expiry and CVC errors into the same code, asking a customer to only re-enter their CVC may not fix the issue. Your card update flow should prompt them to verify all fields — card number, expiry, CVC, and billing address — in one step.
Retry Timing
Retry Timing
incorrect_cvc has no retry window — it is a data accuracy problem, not a timing problem. All recovery effort flows into getting the customer to correct their card details.
Recovery Benchmark
Recovery Benchmark
| Metric | Result |
|---|---|
| Recovery with immediate card update prompt | 55–70% |
| Recovery with in-app + email combined | 65–75% |
| Recovery within 48 hours of failure | ~50–60% (fastest of all data-error codes) |
| Recovery with blind retries only (no prompt) | ~0–5% |
| Fraud-related incorrect_cvc (non-recoverable) | ~5–10% of all occurrences |
A 65%+ recovery rate on incorrect_cvc is achievable with a fast, frictionless card update flow. The biggest drop-off happens when the update page requires too many steps — every extra click between the email CTA and the CVC input field costs you 5–10% recovery. Optimize your card update UX for single-screen, pre-filled corrections.
At Scale
At Scale
Automated
Manual Escalation
FAQs
FAQs
What does the Stripe incorrect_cvc decline code mean?
The incorrect_cvc decline code means the card security code (CVV/CVC) entered by the customer does not match the code the issuing bank has on file. The card itself may be valid and funded — but every charge attempt will fail until the correct CVC is provided or a new payment method is added.
What causes an incorrect_cvc error in Stripe?
Common causes include a simple typo at checkout, a reissued card with a new CVC number, an issuer returning incorrect_cvc when the expiry date is actually wrong, Stripe Radar blocking the payment due to a CVC check failure rule, or a fraud attempt using stolen card data without the correct security code.
Should I retry a payment after a Stripe incorrect_cvc error?
No. Retrying the same card details will always fail because the CVC mismatch remains unchanged. All recovery effort should go into prompting the customer to update their card details — specifically to verify their card number, expiry date, CVC, and billing address in one step.
Can incorrect_cvc be a fraud signal in Stripe?
Yes, but it is not the most common cause. Fraudsters using scraped card data often lack the correct CVC, so a first-charge incorrect_cvc failure on a brand-new account warrants manual review. However, for existing long-tenure customers, the same error most likely indicates a reissued card or a simple typo rather than fraud.
What is the recovery rate for Stripe incorrect_cvc failures?
With a fast, frictionless card update flow triggered within 60 minutes of the failure, recovery rates of 65–75% are achievable. Without any customer prompt, blind retry recovery is near zero since the CVC mismatch is never corrected.
What to do next
You are here
incorrect_cvc
Decline code reference
Check recoverability
Stripe Failure Lookup
See what's recoverable — and what isn't →
Then
Sign up for Recurflux
Automate recovery for every decline code →
Before you retry
Before you retry
Most incorrect_cvc failures are retried on the wrong schedule — which recovers the payment about 30% of the time. The other 70% leaves permanently. See what this code is actually costing at your MRR before deciding how to handle it.
Stop leaving revenue on the table
Recurflux handles code-specific retry scheduling, adaptive dunning, and dispute intelligence across all 30 Stripe decline codes. Connect in under 5 minutes.