Stripe test cards: the complete 2026 reference for every payment and decline scenario

Every Stripe test card number, grouped by scenario: successful charges, declines with exact codes, 3D Secure, fraud, and disputes. Plus how to run them in an automated checkout suite.

Cover image for Stripe test cards: the complete 2026 reference for every payment and decline scenario

tldr: Every Stripe test card number in one place. Copy a number, set any future expiry and any CVC, and you can trigger a successful charge, a specific decline, a 3D Secure challenge, or a dispute without ever touching a real card. Test cards only work with test API keys. They never work in live mode.

Stripe gives you a set of fake card numbers that behave like real ones inside test mode. Each number maps to a known outcome. 4242 4242 4242 4242 always succeeds. 4000 0000 0000 0002 always declines. A handful of others force 3D Secure, or land the payment in a dispute, or get blocked by Radar as fraud.

The rules are the same for every card. Use any future expiry date, such as 12/34. Use any three-digit CVC, or four digits for American Express. Use any postal code. The card number is the only thing that decides what happens.

This page is a reference. The tables below are the card numbers you copy into a checkout form or a PaymentMethod call. The last section covers the part most guides skip: how to run these cards inside an automated suite so payment regressions get caught before a customer hits them.

How Stripe test mode works

Test mode is a full parallel environment. It has its own API keys, its own dashboard data, and its own objects. Nothing you do in test mode touches real money or a real bank.

Two things gate it. First, you have to use your test secret key (the one prefixed sk_test_) or test publishable key (pk_test_). A test card sent with a live key fails. Second, real card numbers are rejected in test mode, and Stripe's agreement forbids sending real card details to test with. The separation is deliberate and strict.

That strictness is the whole point. You get to exercise the ugly paths, a declined card, a stolen card, a chargeback, on demand and repeatably, without waiting for a real customer to hit them.

Successful test cards by brand

Use these when you want the charge to go through. Every brand your customers might use has a test number so you can confirm your form accepts it and your logic handles the resulting PaymentIntent.

BrandCard number
Visa4242 4242 4242 4242
Visa (debit)4000 0566 5566 5556
Mastercard5555 5555 5555 4444
Mastercard (2-series)2223 0031 2200 3222
Mastercard (debit)5200 8282 8282 8210
Mastercard (prepaid)5105 1051 0510 5100
American Express3782 822463 10005
American Express3714 496353 98431
Discover6011 1111 1111 1117
Diners Club3056 9300 0902 0004
JCB3566 0020 2036 0505
UnionPay6200 0000 0000 0005

Cards that trigger declines

This is the set most teams under-test. A payment form that only ever sees 4242 looks finished and is not. These numbers force specific failures, each with the exact decline_code Stripe returns, so you can confirm your UI shows the right message instead of a generic error.

ScenarioCard numberDecline code
Generic decline4000 0000 0000 0002generic_decline
Insufficient funds4000 0000 0000 9995insufficient_funds
Lost card4000 0000 0000 9987lost_card
Stolen card4000 0000 0000 9979stolen_card
Expired card4000 0000 0000 0069expired_card
Incorrect CVC4000 0000 0000 0127incorrect_cvc
Processing error4000 0000 0000 0119processing_error
Card velocity exceeded4000 0000 0000 6975card_velocity_exceeded

The message a customer sees on an insufficient-funds decline should not read the same as an expired-card decline. Each of these cards lets you prove that in a test, not in production.

3D Secure and authentication test cards

Strong Customer Authentication means some payments trigger a challenge step. If your checkout does not handle the challenge and its result, the payment stalls and the customer leaves. These cards force the authentication flow so you can test both the approved and the abandoned path.

ScenarioCard number
Authentication required (unless card is saved)4000 0025 0000 3155
Authentication required on every payment4000 0027 6000 3184
3DS required, authentication succeeds4000 0000 0000 3220
3DS supported but not required4000 0000 0000 3055
Authentication required, then declines4000 0084 0000 1629

Run the last one on purpose. A card that passes the challenge and then declines is a real customer scenario, and it is exactly where half-built checkout flows break.

Fraud and dispute test cards

Two more categories round out the surface. Radar cards let you test how your system reacts when a payment is flagged or blocked. Dispute cards let a charge succeed and then turn into a chargeback so you can test your webhook handling and your evidence flow.

ScenarioCard number
Always blocked by Radar (highest risk)4100 0000 0000 0019
Elevated risk, may be queued for review4000 0000 0000 9235
Charge succeeds, then disputed as fraudulent4000 0000 0000 0259
Charge succeeds, then disputed as not received4000 0000 0000 2685
Charge succeeds, receives early fraud warning4000 0000 0000 5423

Disputes arrive as asynchronous webhook events, sometimes days after the charge in real life and immediately in test. If a dispute event silently fails in your handler, you find out when a bank pulls the funds. These cards let you rehearse that instead.

Testing Stripe cards in an automated checkout suite

A copy-paste card into a manual test confirms the flow works once. It does not confirm the flow still works after next week's redesign, or on the mobile breakpoint, or when the 3DS modal renders differently.

That is the job of an end-to-end suite. A good one drives a real browser through the actual checkout, enters the test card, waits for the authentication challenge if one appears, and asserts the customer lands on the right confirmation or sees the right decline message. It runs on every deploy, not once.

This is where Bug0 fits. A Bug0 forward-deployed engineer authors your checkout coverage on Passmark, our AI testing engine, including the decline and 3D Secure paths above, and the engine injects the test card values at runtime and re-resolves the steps when your UI changes. You provide staging access and the test keys. Payment regressions get caught in a pull request, while the change is still cheap to fix.

The point of the whole test-card system is that failure is a first-class scenario, not an edge case you hope never happens. An automated suite is what keeps that promise on every release.

FAQs

Where do I find a Stripe test card number?

Stripe publishes them in its testing documentation, and the tables above cover the common ones. The most-used card is 4242 4242 4242 4242, which always succeeds. Pair any test card with a future expiry, any CVC, and any postal code.

Do Stripe test cards work in live mode?

No. Test cards only work with test API keys. Once you switch to live keys, Stripe rejects them, and real transactions require real card details. Stripe's agreement also prohibits testing with real cards in live mode.

What is the 4242 4242 4242 4242 card?

It is Stripe's default successful Visa test card. It approves every charge in test mode, which makes it the happy-path card. Testing only with 4242 is the most common gap, because it never exercises declines or authentication.

What expiry date and CVC should I use with test cards?

Any expiry date in the future works, for example 12/34. Use any three-digit CVC, or four digits for American Express. Postal code can be any value. Only the card number determines the outcome.

How do I test a declined payment on Stripe?

Use a decline card such as 4000 0000 0000 0002 for a generic decline or 4000 0000 0000 9995 for insufficient funds. Each returns a specific decline_code, so you can confirm your checkout shows the correct message for each failure instead of a single generic error.

Can I automate testing with Stripe test cards?

Yes. An end-to-end suite can drive your checkout in a real browser, enter a test card, handle any 3D Secure challenge, and assert the outcome on every deploy. Bug0 builds and maintains that coverage for you, including the decline and authentication paths.

stripePayment Testingtest-automationQA automationend to end testing
About the author
Saurav Jha
Saurav JhaSoftware Developer, Bug0

Saurav Jha is a Software Developer at Bug0, where he works on backend systems and product engineering. He holds a B.Tech in Computer Science and has built and shipped scalable products, developer tools, and interactive UIs across the stack, working with React, Node.js, PostgreSQL, Redis, and Docker, with deployments on AWS. Before Bug0 he built e-commerce products on the MERN stack. For the Bug0 blog he writes about backend engineering, developer experience, and AI-powered testing.

Ship every deploy with confidence.

Bug0 gives you a dedicated AI QA engineer that tests every critical flow, on every PR, with zero test code to maintain. 200+ engineering teams already made the switch.

From $2,500/mo. Full coverage in 7 days.

Go on vacation. Bug0 never sleeps. The AI tests every commit, every deploy, every schedule. Your forward-deployed engineer reviews every failure and files the bugs. Coverage holds while you're off the grid.

Go on vacation.
Bug0 never sleeps.

The AI tests every commit, every deploy, every schedule. Your forward-deployed engineer reviews every failure and files the bugs. Coverage holds while you're off the grid.