← All templates

Template

SCA / 3D Secure Authentication Email

Sent when the bank requires 3D Secure / Strong Customer Authentication (SCA) before approving the charge. Almost always an EU or UK customer. Goal: explain this is standard, normalize the verification step, link to the 3DS challenge.

EmailDay 0 (first touch)Tone: FriendlyB2B + B2CTargets: authentication_required

Subject line options

A/B test these. Lowercase, question format, and specific-time framings consistently win.

  • Quick verification needed for your payment
  • One-time bank verification for {{product_name}}
  • Quick SCA verification - {{product_name}}

Template

Hi {{first_name}},

Your bank is asking for one-time verification before we can charge
your card. This is a standard EU requirement - nothing is wrong.

Click here to verify:
→ {{secure_update_link}}

You will see your bank's 3D Secure popup, approve it, and you are
done. Takes 20 seconds.

- {{sender_first_name}}

Variables in {{like_this}} should be replaced with your merge fields.

Why this template works

Explicitly says "nothing is wrong" because the automatic customer assumption on "verification needed" is that something has been flagged. Sets the expectation of a bank popup so the 3DS challenge does not feel like a phishing trap. The 20-second framing is concrete.

Implementation tips

  • 1Use a Stripe-generated PaymentIntent auth URL to route directly to 3DS
  • 2After the first authenticated charge, mark the subscription as MIT (merchant-initiated) to reduce future SCA prompts
  • 3Test with Stripe 3DS test cards before deploying
  • 4Localize the copy - SCA is almost entirely an EU/UK concern

Frequently asked questions

Why does my customer need to authenticate again?

Under the EU PSD2 regulation, cards may require Strong Customer Authentication (SCA) for certain online charges. Once the first charge is authenticated with 3DS, subsequent recurring charges can be flagged as MIT (merchant-initiated) and exempted from SCA.

Can I avoid SCA for recurring subscriptions?

Yes for renewals. If the first charge is 3DS-authenticated and marked as MIT, renewals are exempt. Use Stripe off_session flag.

Automate this with Rebounce

Rebounce sends this template automatically based on decline codes and timing

Rebounce detects payment failures via Stripe Connect, classifies them by decline code, and runs the optimal dunning sequence across email, SMS, WhatsApp, and in-app banners. The templates above are the exact patterns Rebounce uses out of the box - you can adapt the copy to your brand voice and Rebounce handles delivery, timing, and sequence cancellation when a retry succeeds.

Start free trial

Related templates

Email

Friendly Payment Failure Email (Day 0)

The first email sent immediately after a payment fails, before any retry. Goal: catch the 40-60% of failures that resolve with a simple nudge, before the customer feels embarrassed or annoyed.

Email

Bank Block Email (do_not_honor)

Sent when the bank flagged the transaction (do_not_honor, generic_decline, call_issuer). The card is valid; the bank blocked this specific charge. Goal: explain this is a routine bank fraud flag (not a card problem) and give two clear paths to fix it.

Email

Expired Card Email

Sent when a subscription payment fails specifically because the card on file expired. This is the easiest dunning recovery - not a money problem, just an admin task. Goal: treat it like routine maintenance, not an emergency.