Handling Failed Payments in Stripe: Dunning, Retries & Recovering Churn

A churned customer who never wanted to leave is the most frustrating kind of lost revenue — and the easiest to win back. At QUANT LAB USA we treat failed-payment recovery as core billing infrastructure, not an afterthought. This post is the playbook we implement on a subscription billing engagement. It assumes you already have the basics from our Next.js + Stripe guide and reliable webhooks per our webhook security best practices.

Not every decline is equal. The recovery strategy depends entirely on why the charge failed, which Stripe surfaces in the charge's decline_code and the PaymentIntent's last_payment_error. Hard declines (lost or stolen card, fraud) will never recover on retry and need a new card. Soft declines (insufficient funds, a temporary issuer block) are exactly what Smart Retries was built for.

Stripe's default behavior retries failed subscription charges on a fixed schedule. Smart Retries replaces that with a model trained across the Stripe network that times each retry for when it is most likely to clear — after a likely payday, once a temporary block lifts, or when the issuer is most responsive. You configure the retry window and the cancel-or-leave-unpaid endpoint behavior in the Dashboard under Billing settings.

The key decision is what happens when retries are exhausted: Stripe can cancel the subscription, mark it unpaid, or leave it past_due. Choose deliberately. Cancellation is clean but ends the relationship; leaving it unpaid keeps the subscription alive for a longer manual-recovery tail. Whatever you pick, make sure your webhook handler reflects the final state into your own database so your app's entitlements stay correct.

Dunning is the sequence of nudges that asks the customer to fix their payment method. Stripe ships built-in dunning emails plus a hosted, secure card-update page — enable both before you write a single line of custom code. The hosted page is PCI-friendly: the customer enters new card details directly with Stripe, so your servers never touch the number.

The single highest-leverage improvement is reducing friction on the update. One click from the dunning email straight to a pre-authenticated update page beats "log in, find billing, locate the update form" by a wide margin. The Stripe Customer Portal gives you that hosted update surface for free; link to it from your in-app banner as well as from email. Build fully custom branded dunning only once you have evidence that revenue is still leaking after the defaults.

Stripe handles the money side, but your application has to reflect the failure so you can show banners, gate features, and trigger account-management work. Subscribe to and handle these events:

• invoice.payment_failed — a charge was declined; read next_payment_attempt and attempt_count to decide messaging severity.
• invoice.payment_action_required — the retry needs 3D Secure; route the customer to authenticate.
• customer.subscription.updated — the subscription moved into past_due or back to active after recovery.
• invoice.paid — a previously failed invoice recovered; clear the banner and restore any gated features.
• customer.subscription.deleted — Stripe gave up; downgrade or suspend.

Make every handler idempotent and keyed off the event ID, exactly as covered in our webhook security best practices. A double-processed invoice.paid that grants a duplicate credit is its own kind of revenue bug. Use our Stripe webhook tester to validate the payloads before you ship.

This is where teams quietly torch recoverable revenue. The instinct is to suspend the account the moment a payment fails. Do not. A first decline is frequently a soft decline that Smart Retries clears within days. If you cut access immediately, you punish a paying customer, generate a support ticket, and often trigger a real cancellation out of frustration.

The pattern that works: keep full access during past_due, show a non-blocking in-app banner with a one-click update link, and only downgrade or suspend when the subscription transitions to canceled or unpaid after retries are exhausted. Align your grace window to your retry window — there is no reason to gate features while Stripe is still actively retrying a card that will likely succeed.

The cheapest failed payment is the one that never happens. Two preventive plays. First, card-account updater: Stripe can automatically receive updated card numbers and expiry dates from participating networks when a customer's bank reissues a card, so many expirations heal silently with no customer action. Second, pre-dunning: listen for customer.subscription.trial_will_end and watch for cards approaching their expiry month, then proactively prompt an update before the renewal charge ever fails.

For teams running this at scale across many customers and plans, the recovery system becomes part of the broader billing architecture — entitlements, invoicing, and reconciliation all have to agree on the subscription's state. That whole surface is what we wrap in our payments, invoicing, and licensing service.