← Decline Codes
Soft Decline

Stripe Decline Code · Glossary

transaction_not_allowed

transaction_not_allowed fires when the issuing bank or card network has determined that the specific type of transaction being attempted is not permitted for this card — the card is active, the account may have funds, but a feature-level or transaction-class restriction is blocking this particular charge.

Recoverable·20–40%·Updated May 2026

What It Means

What transaction_not_allowed actually means.

transaction_not_allowed fires when the issuing bank or card network has determined that the specific type of transaction being attempted is not permitted for this card — the card is active, the account may have funds, but a feature-level or transaction-class restriction is blocking this particular charge. It is a structural hard decline that sits one layer below service_not_allowed in specificity: where service_not_allowed blocks a service category, transaction_not_allowed blocks a specific transaction feature — recurring billing, CNP authorization, cross-currency charging, or a specific merchant type interaction.

Not sure if this code is recoverable for your specific situation? Use the Stripe Failure Lookup →

Why It Happens

The root causes.

  • 1Recurring/subscription transaction type disabledThe card issuer has disabled the specific transaction subtype of recurring MIT (Merchant-Initiated Transaction) for this card — the card works for one-time CIT (Customer-Initiated Transaction) charges at checkout but fails the moment Stripe sends a recurring billing flag on subsequent subscription cycles
  • 2Card-not-present (CNP) transactions blockedThe customer's bank has explicitly disabled online or CNP transactions on this card product — physical POS charges work, but all e-commerce and subscription billing attempts fail at the transaction type level
  • 3Currency or cross-border transaction flagThe card is restricted from processing charges in a foreign currency or from a foreign acquiring bank — a domestic card attempting to authorize a USD or EUR billed transaction triggers this at the transaction feature level, distinct from a full geographic block
  • 4Merchant category incompatibility at transaction levelThe card network or issuer has flagged your specific MCC as incompatible with this card's permitted transaction types — common with digital goods, SaaS, and online services MCCs against certain regulated card products (government, payroll, benefits cards)
  • 53DS / authentication requirement not metSome issuers require Strong Customer Authentication (SCA) or 3D Secure for transaction approval — if your integration doesn't support or pass 3DS correctly, the issuer returns transaction_not_allowed instead of a softer authentication error, particularly common in EU and Indian markets under RBI mandates

What NOT to Do

Common mistakes that make it worse.

Don't retry the same transaction type on the same card

transaction_not_allowed is a feature-level structural block — the transaction type itself is forbidden on this card, not the timing or the funds. Retrying an MIT-flagged recurring charge against a card that doesn't allow MITs will fail every single time, indefinitely, regardless of how much time passes between attempts. Zero retries on identical transaction parameters.

Don't conflate it with restricted_card and use the same recovery flow

While transaction_not_allowed and restricted_card are siblings, they require different diagnostic steps. restricted_card is a card-level policy block; transaction_not_allowed is a transaction-feature block that may sometimes be resolved by changing how you initiate the charge — switching from MIT to CIT, enabling 3DS, or adjusting your transaction flags — without requiring the customer to change their payment method at all.

Don't skip the 3DS/SCA audit before escalating to the customer

A significant portion of transaction_not_allowed failures in EU, UK, and Indian markets are caused by missing or failed 3D Secure authentication — a technical issue on your integration side, not the customer's card. Sending a customer email asking them to update their payment method before you've checked whether your 3DS implementation is correctly passing authentication is the most avoidable mistake for this code.

Retry Timing

Optimal retry schedule.

transaction_not_allowed requires a technical triage-first approach before any customer-facing action — the recovery path splits based on whether the issue is on your integration side or the customer's card.

Recovery Benchmark

What good looks like.

MetricResult
Overall recovery rate20–40%
Recovery via 3DS fix / CIT re-auth (technical cases)50–65% of the technical subset
Recovery via alternate payment method (structural cases)25–35%
Recovery with blind retry (no triage)~5–8%
Recovery with generic card update email8–12%
3DS / SCA root cause as % of all occurrences (EU/IN)25–40% in regulated markets

A 35%+ overall recovery rate is achievable when you split the technical (3DS/MIT) and structural (card incompatibility) sub-types and handle them separately. Teams that route all transaction_not_allowed failures into a generic payment method update email miss the 3DS-fixable subset entirely and underperform by 15–20 percentage points versus triage-first workflows.

At Scale

How to handle it at scale.

Automated

  • Webhook trigger: invoice.payment_failed → check failure_code === 'transaction_not_allowed' → immediately run three checks before any downstream action: (1) customer geography, (2) card BIN classification, (3) transaction type flag (MIT vs. CIT) in the original charge object
  • 3DS audit gate: If customer is in EU, UK, or India AND failure is on a recurring charge → check your 3DS configuration before emailing the customer — if 3DS was not properly passed on initial setup, fix the integration and re-attempt via a customer authentication link before assuming the card is incompatible
  • CIT re-authorization flow: For MIT-rejected transactions where the card product supports CIT: generate a Stripe-hosted invoice payment link → email it to the customer with a "Please re-confirm your payment details" CTA → this triggers a fresh customer-authenticated charge that bypasses the MIT block on many card products
  • BIN-based routing:
  • Physical-POS-only card → immediate payment method switch email, zero retries
  • Corporate/government/benefits card → offer Stripe Invoices, ACH, or wire transfer
  • Consumer card in regulated market → 3DS re-auth flow first, payment switch second
  • Zero retries for structural sub-types: Add CNP-blocked, MCC-incompatible, and currency-restricted sub-types to your no-retry blocklist — only the 3DS and MIT sub-types have a meaningful retry pathway
  • Payment method update page: Ensure non-card options (bank transfer, PayPal, UPI, local methods) are prominently featured — transaction_not_allowed structural cases have the same conversion dynamic as service_not_allowed and restricted_card: alternate methods are the primary recovery path, not card replacement

Manual Escalation

  • 3DS integration failures on EU/IN/UK customers: Assign to your engineering team immediately — a broken 3DS implementation can cause systematic transaction_not_allowed failures across an entire customer segment from a regulated market; one integration fix recovers the full cohort
  • High-ACV accounts with MIT rejection: Personal outreach on Day 1 — walk the customer through the CIT re-authentication flow directly; high-value customers are worth a 10-minute guided process rather than an automated email that may get missed
  • B2B accounts with card-level incompatibility: Offer formal invoicing via Stripe Invoices or ACH as a permanent billing arrangement — enterprise customers often have corporate card restrictions that make card billing structurally unsuitable; an invoice-based billing model resolves this permanently
  • Recurring clusters by geography: If you see transaction_not_allowed spiking from a specific country — particularly India after RBI mandate changes or EU after PSD2 enforcement — treat it as a compliance and integration issue, not an individual customer problem; audit your 3DS and MIT setup for that market immediately

FAQs

Frequently asked questions.

What does the Stripe transaction_not_allowed decline code mean?

transaction_not_allowed means the issuing bank or card network has blocked the specific type of transaction being attempted — such as recurring billing, card-not-present charges, cross-currency transactions, or merchant category interactions — for this card. The card may be active and funded, but the transaction feature itself is not permitted on this card product.

What are the most common causes of a transaction_not_allowed error in Stripe?

Common causes include the card issuer disabling recurring MIT billing on the card, card-not-present or online transactions being blocked, a currency or cross-border transaction restriction, merchant category incompatibility with the card product, and missing or failed 3D Secure authentication on regulated market transactions — particularly common in EU, UK, and Indian markets under SCA and RBI mandates.

Can transaction_not_allowed be caused by a 3DS integration issue?

Yes, and this is one of the most common causes in EU, UK, and Indian markets. If your Stripe integration doesn't correctly pass 3D Secure authentication on recurring charges, issuers in regulated markets return transaction_not_allowed instead of approving the payment. Always audit your 3DS implementation before sending customers a payment method update email — the fix may be on your integration side, not the customer's card.

Should I retry a payment after a transaction_not_allowed decline?

Not with the same transaction parameters. For 3DS failures, fix your integration and re-attempt via a customer authentication link. For MIT rejections, send a Stripe-hosted payment link to trigger a fresh CIT authorization. For structural blocks like CNP restrictions or MCC incompatibility, add the card to your no-retry list and focus on alternate payment method capture instead.

What is the recovery rate for Stripe transaction_not_allowed failures?

Overall recovery rates are 20–40%. For the 3DS and MIT re-authorization subset, recovery rates of 50–65% are achievable with a technical fix and CIT re-auth flow. For structural card incompatibility cases, alternate payment method conversion achieves 25–35%. Blind retries without triage recover only 5–8%.

Before you retry

Most transaction_not_allowed failures are retried on the wrong schedule — which recovers the payment about 30% of the time. The other 70% leaves permanently. See what this code is actually costing at your MRR before deciding how to handle it.

See what transaction_not_allowed costs me →

Stop leaving revenue on the table

transaction_not_allowed is recoverable. Most teams don't have the retry logic to prove it.

Recurflux handles code-specific retry scheduling, adaptive dunning, and dispute intelligence across all 30 Stripe decline codes. Connect in under 5 minutes.