Payment Method Storage
Securely saving customer payment methods for future use by attaching tokenized PaymentMethod objects to Stripe Customer records, enabling one-click purchases and subscription renewals.
Description
Payment method storage allows customers to save their card or bank account details for future transactions without re-entering them. In Stripe, this is accomplished by attaching a PaymentMethod object (pm_...) to a Customer object, creating a reusable link between the customer and their tokenized payment credentials. The card data itself is stored in Stripe's PCI-compliant vault; your database only stores the PaymentMethod ID and display metadata (brand, last4, expiration).
The recommended flow for saving a card uses a SetupIntent, which authenticates the card and registers it for future off-session use without charging it immediately. Create a SetupIntent server-side with the customer ID and usage: 'off_session', pass the client_secret to the frontend, and confirm with stripe.confirmSetup(). This flow handles SCA requirements by performing 3D Secure authentication upfront, so subsequent off-session charges are more likely to succeed without requiring additional authentication. After confirmation, the PaymentMethod is automatically attached to the Customer.
Managing stored payment methods includes letting customers view their saved cards (list with stripe.paymentMethods.list({ customer, type: 'card' })), set a default (stripe.customers.update(customerId, { invoice_settings: { default_payment_method: pm_id } })), add new methods, and remove old ones (stripe.paymentMethods.detach(pm_id)). Handle expired card notifications by checking the exp_month and exp_year fields and prompting customers to update before their next billing cycle. Stripe also supports automatic card updates through the card network's Account Updater program, which silently updates stored card numbers and expiration dates when a bank issues a replacement card.
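The detach call above takes only the PaymentMethod ID, so a management page has to confirm that the ID belongs to the logged-in customer before removing it or making it the default. The following is an added example, not Stripe's or this page's own code; the helper names, `sessionCustomerId`, and the in-memory stub client are assumptions made for illustration.

```javascript
class NotOwnerError extends Error {}

// Added example (hypothetical helper names): confirm the PaymentMethod is attached
// to the caller's Customer. sessionCustomerId comes from the server-side session only.
async function loadOwnedPaymentMethod(stripe, sessionCustomerId, pmId) {
  if (!sessionCustomerId || typeof pmId !== 'string') {
    throw new NotOwnerError('payment method not found');
  }
  const pm = await stripe.paymentMethods.retrieve(pmId);
  // pm.customer is null when the method is not attached to any Customer.
  if (pm.customer !== sessionCustomerId) {
    throw new NotOwnerError('payment method not found');
  }
  return pm;
}

async function removeSavedMethod(stripe, sessionCustomerId, pmId) {
  await loadOwnedPaymentMethod(stripe, sessionCustomerId, pmId);
  return (await stripe.paymentMethods.detach(pmId)).id;
}

async function setDefaultMethod(stripe, sessionCustomerId, pmId) {
  const pm = await loadOwnedPaymentMethod(stripe, sessionCustomerId, pmId);
  await stripe.customers.update(sessionCustomerId, {
    invoice_settings: { default_payment_method: pm.id },
  });
  return pm.id;
}

// Constructed in-memory stand-in for the Stripe client so the example runs offline.
function makeStubStripe(methods) {
  const calls = [];
  const get = (id) => {
    if (!methods[id]) throw new Error('No such PaymentMethod');
    return methods[id];
  };
  return {
    calls,
    paymentMethods: {
      retrieve: async (id) => ({ ...get(id) }),
      detach: async (id) => {
        calls.push(`detach ${id}`);
        return Object.assign(get(id), { customer: null });
      },
    },
    customers: {
      update: async (id) => { calls.push(`update ${id}`); return { id }; },
    },
  };
}
```

The comparison assumes `customer` is returned as a plain ID string, which is the case unless the request asks for the field to be expanded.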
Prompt Snippet
Save payment methods using SetupIntents: create with stripe.setupIntents.create({ customer: cus_id, usage: 'off_session', automatic_payment_methods: { enabled: true } }), confirm on the client with stripe.confirmSetup(), then set as default via stripe.customers.update(cus_id, { invoice_settings: { default_payment_method: pm_id } }). Store PaymentMethod metadata locally (pm_id, brand, last4, exp_month, exp_year) for display in your payment methods UI. Build a payment methods management page that lists saved methods from stripe.paymentMethods.list({ customer, type: 'card' }), allows setting a default, and supports removal via stripe.paymentMethods.detach(). Implement an expiring card warning job that checks exp_month/exp_year monthly and sends reminder emails 30 days before expiration.
Related Terms
Tokenization (Card Data)
Replacing sensitive card numbers with non-sensitive token identifiers that reference the card data stored securely by the payment processor, keeping your systems out of PCI scope.
PCI DSS Compliance
Adhering to the Payment Card Industry Data Security Standard requirements that govern how cardholder data is collected, transmitted, stored, and processed in your payment infrastructure.
Customer Portal
A Stripe-hosted or custom-built self-service interface where customers can manage their subscriptions, update payment methods, view invoices, and handle billing-related actions without contacting support.
3D Secure Authentication
An additional authentication layer for online card payments that requires cardholders to verify their identity through their bank, mandated by regulations like PSD2/SCA in Europe.
Subscription Billing (Stripe)
Managing recurring payment cycles using Stripe's Subscription and Price APIs, including plan creation, billing intervals, upgrades/downgrades, and lifecycle event handling.