← Decline Codes
Hard Decline

Stripe Decline Code · Glossary

revocation_of_authorization

revocation_of_authorization fires when the cardholder has specifically revoked the recurring payment authorization they previously granted to your merchant — the bank received a formal instruction from the customer to cancel permission for your subscription charges on that card.

Non-recoverable·Updated May 2026

What It Means

What revocation_of_authorization actually means.

revocation_of_authorization fires when the cardholder has specifically revoked the recurring payment authorization they previously granted to your merchant — the bank received a formal instruction from the customer to cancel permission for your subscription charges on that card. Unlike stop_payment_order (which blocks a specific charge) or do_not_honor (which is ambiguous), this code is a targeted, deliberate withdrawal of the recurring billing mandate itself — the customer has told their bank they no longer want you charging their card on an ongoing basis.

Not sure if this code is recoverable for your specific situation? Use the Stripe Failure Lookup →

Why It Happens

The root causes.

  • 1Customer cancelled authorization directly through their bankInstead of cancelling through your product's offboarding flow, the customer contacted their bank and revoked the standing recurring payment authorization — a path chosen when customers don't trust your cancellation process, can't find the cancel button, or want an immediate bank-enforced stop
  • 2Bank revoked authorization on customer complaintThe customer filed a complaint with their bank about recurring charges — citing unauthorized billing, billing after cancellation, or incorrect amounts — and the bank proactively revoked your recurring authorization on their behalf
  • 3Confusing billing descriptor triggered revocationCustomer didn't recognize your company name on their bank statement, assumed the recurring charge was unauthorized, and revoked the authorization rather than investigating the merchant — a billing descriptor problem masquerading as a revocation event
  • 4Previous chargeback or dispute historyIf a customer has previously disputed a charge from your merchant, some banks automatically revoke future recurring authorizations as a precautionary protective measure
  • 5Regulatory-mandated authorization cancellationIn markets with strong consumer payment protection laws (EU PSD2, India RBI, UK FCA), banks are required to honor cardholder requests to revoke recurring mandates — making this code more prevalent in regulated markets than in the US

What NOT to Do

Common mistakes that make it worse.

Never retry — this is a legal revocation of billing permission

The customer has formally withdrawn authorization for you to charge their card. Retrying is not just guaranteed to fail — it can constitute an unauthorized transaction under consumer protection regulations in multiple jurisdictions. A revocation_of_authorization followed by a retry attempt is a direct path to a chargeback, a regulatory complaint, and potential Stripe account review. Zero retries, zero exceptions — this is non-negotiable.

Don't treat it like stop_payment_order and run the same workflow

While both are deliberate customer actions, revocation_of_authorization specifically revokes the recurring mandate — meaning it has implications for all future charges on that card, not just the current one. Your system must immediately halt all future scheduled charges against this card, not just block the current attempt. Failing to do so exposes you to multiple unauthorized charge disputes on future billing cycles.

Don't respond with an automated dunning sequence

This code signals a customer relationship event that requires a human response — sending automated retry emails or payment update prompts to a customer who has formally revoked authorization is tone-deaf at best and legally risky at worst. Your response must be empathetic, personal, and focused on understanding why they revoked rather than pushing them back to paying.

Retry Timing

Optimal retry schedule.

Zero retries — permanent. The entire response framework is a customer relationship recovery and win-back sequence, not a payment recovery sequence.

Recovery Benchmark

What good looks like.

MetricResult
Overall payment recovery rate8–18%
Recovery from billing descriptor confusion cases35–50% — highly preventable
Recovery from genuine cancellation intent3–8% — minimal
Chargeback escalation if no outreach within 72 hrs35–55%
Recovery with automated dunning only~2–4% (and increases dispute risk)
Win-back rate (30–60 days)15–25% for confusion/process-failure cases

Like stop_payment_order, your primary KPI is chargeback prevention, not payment recovery. A human outreach response within 48 hours that resolves the root cause — with a proactive refund where warranted — prevents 50–65% of revocation_of_authorization events from escalating to formal disputes. The secondary metric is billing descriptor clarity: a clear, recognizable descriptor eliminates 30–40% of confusion-driven revocations entirely.

At Scale

How to handle it at scale.

Automated

  • Webhook trigger: invoice.payment_failed → check failure_code === 'revocation_of_authorization' → immediately execute two actions in parallel: (1) cancel all future scheduled charges on this card, (2) fire an internal alert to your team for human escalation within 2–4 hours
  • Absolute no-retry lock: revocation_of_authorization must be in your hardest no-retry blocklist — no automation, scheduler, or manual override should ever fire a charge attempt against a card with this failure code
  • Subscription state management: Move subscription to cancelled or paused state immediately — do not leave active with future charges pending; any future charge attempt against a revoked authorization is a potential unauthorized transaction
  • Billing descriptor audit trigger: Tag all revocation_of_authorization events and cross-reference with your current Stripe billing descriptor — if multiple customers from the same cohort or time period are revoking, your descriptor is likely unrecognizable; update it in your Stripe Dashboard immediately
  • Internal Slack/email alert: This code requires human decision within hours — automate the internal escalation so a team member is assigned within 2 hours of the event firing, not when they next check their dashboard
  • Chargeback risk timer: Set a 72-hour countdown from the revocation event — if no human outreach has been completed by hour 72, escalate to urgent priority; the revocation-to-chargeback window is typically 3–7 days

Manual Escalation

  • Human email within 2–4 hours: The most critical action — a genuine, personal message: "Hi [name], we noticed your recurring payment authorization was cancelled and wanted to reach out personally. We want to understand if there's anything we did wrong and make it right." — no templates, no automation feel, no payment retry CTA
  • Root cause investigation first: Before contacting the customer, check your records — did they submit a cancellation that wasn't processed? Was there a billing error? Do they have any open support tickets? Come to the conversation with context, not just questions
  • Proactive refund offer for billing errors: If the revocation followed a billing mistake — wrong amount, charge after cancellation, duplicate charge — a proactive full refund offer in the first email resolves 60–70% of cases and prevents chargeback escalation at a fraction of the cost of a formal dispute
  • Cancellation flow audit: Every revocation_of_authorization is a direct signal that your cancellation UX has friction — customers reaching for their bank to stop billing means they couldn't, wouldn't, or didn't trust your own cancellation path. Audit and simplify your offboarding flow after every occurrence
  • Win-back sequence (30–60 days): For customers who revoked due to billing confusion or process failure (not genuine product dissatisfaction), a personal win-back email 30 days post-resolution — with a discount or restored access offer — recovers 15–25% as paying customers again

FAQs

Frequently asked questions.

What does the Stripe revocation_of_authorization decline code mean?

revocation_of_authorization means the cardholder has formally withdrawn the recurring payment authorization they previously granted to your merchant. The bank received a direct instruction from the customer to cancel permission for your subscription charges. Unlike a stop payment order which blocks a single charge, this code revokes the recurring billing mandate entirely — all future charges against this card are now unauthorized.

What are the most common causes of a revocation_of_authorization in Stripe?

Common causes include the customer cancelling the recurring authorization directly through their bank instead of through your product, the bank revoking authorization after a customer complaint about recurring charges, an unrecognizable billing descriptor causing the customer to flag the charge as unauthorized, a prior chargeback or dispute triggering an automatic bank-side revocation, and regulatory-mandated authorization cancellations in EU, UK, and Indian markets.

Should I retry a payment after a Stripe revocation_of_authorization decline?

Never. The customer has formally withdrawn authorization for you to charge their card. Retrying can constitute an unauthorized transaction under consumer protection regulations and is a direct path to a chargeback and potential Stripe account review. Immediately cancel all future scheduled charges on this card and respond with human outreach within 2–4 hours instead.

How do I prevent revocation_of_authorization from escalating to a chargeback?

Respond with personal human outreach within 48–72 hours — this is the critical window before a revocation typically escalates to a formal chargeback filing. Investigate the root cause, offer a proactive refund if billing was in error, and simplify your cancellation flow to prevent customers from needing to use their bank as an intermediary. A clear, recognizable billing descriptor eliminates 30–40% of confusion-driven revocations entirely.

What is the recovery rate for Stripe revocation_of_authorization failures?

Overall payment recovery is 8–18%, one of the lowest in Stripe's taxonomy. For billing descriptor confusion cases where customers revoked due to not recognizing the charge, recovery rates of 35–50% are achievable with personal human outreach. The primary metric to optimize is chargeback prevention — proactive human response within 72 hours prevents 50–65% of revocation events from escalating to formal disputes.

Before you retry

Most revocation_of_authorization failures are retried on the wrong schedule — which recovers the payment about 30% of the time. The other 70% leaves permanently. See what this code is actually costing at your MRR before deciding how to handle it.

See what revocation_of_authorization costs me →

Stop leaving revenue on the table

revocation_of_authorization can't be retried — but it can be caught earlier.

Recurflux handles code-specific retry scheduling, adaptive dunning, and dispute intelligence across all 30 Stripe decline codes. Connect in under 5 minutes.