Stripe Delegate Authentication
The Stripe Delegate Authentication Rule exempts transactions where Stripe has already authenticated the cardholder on the merchant's behalf using a FIDO authenticator. This is known as Delegated Authentication and requires a bilateral agreement between the issuer and Stripe.
When the cardholder logs into a Stripe-powered merchant using a FIDO authenticator, Stripe issues a signed JWT as proof of authentication. Apata verifies this JWT and, if valid, approves the transaction frictionlessly.
Flow
flowchart TD
classDef success fill:#e6ffed,stroke:#38a169,color:#276749
classDef process fill:#ebf8ff,stroke:#4299e1,color:#2c5282
START([Transaction received]) --> FIDO{Cardholder authenticated<br/>via FIDO on merchant site?}:::process
FIDO -->|No| NEXT([Next Rule])
FIDO -->|Yes| JWT{Stripe JWT token valid?}:::process
JWT -->|Invalid| NEXT2([Next Rule])
JWT -->|Valid| ACC([Frictionless · SUCCEEDED]):::success
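The decision in the flow above, as an added example that is not Apata's or Stripe's code: an invalid or missing token never declines the transaction, it only withholds the exemption and defers to the next rule. Assumptions: HS256 with a shared demo key stands in for whatever signature scheme and key distribution the real integration uses, and the `iss`/`exp` claims, the issuer value and the `NEXT_RULE` label are hypothetical.

```python
import base64, hashlib, hmac, json, time

# Assumptions (not from the page): HS256 and this demo key are stand-ins for
# the real scheme; the "iss"/"exp" claims and issuer value are hypothetical.
DEMO_KEY = b"constructed-demo-key"
EXPECTED_ISS = "stripe-demo"

def _b64d(seg):
    return base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))

def _b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def make_token(claims, alg="HS256", key=DEMO_KEY):
    """Build a constructed sample token (test input only)."""
    head = _b64e(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    body = _b64e(json.dumps(claims).encode())
    sig = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64e(sig)}"

def jwt_valid(token, now=None):
    """True only if algorithm, signature, issuer and expiry all check out."""
    now = time.time() if now is None else now
    try:
        head, body, sig = token.split(".")
        # Pin the algorithm from our side; never trust the header's choice.
        if json.loads(_b64d(head)).get("alg") != "HS256":
            return False
        want = hmac.new(DEMO_KEY, f"{head}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(want, _b64d(sig)):  # constant-time compare
            return False
        claims = json.loads(_b64d(body))
        return claims.get("iss") == EXPECTED_ISS and float(claims["exp"]) > now
    except (ValueError, KeyError, TypeError, AttributeError):
        return False  # malformed token: fail closed

def evaluate_rule(fido_authenticated, token, now=None):
    """Mirror the flow: exempt only on FIDO plus a valid JWT, else defer."""
    if fido_authenticated and token and jwt_valid(token, now):
        return "SUCCEEDED"   # frictionless approval
    return "NEXT_RULE"       # hypothetical label for "Next Rule"
```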
Example
The following configuration enables the Stripe Delegate Authentication exemption for issuers with a Stripe bilateral agreement.
