#StoneCypher

Hi there

hello

Is this a bug with the API?

Feel free to provide more info and I'm happy to help if I can

80% confident it's the web frontend, 20% that i'm misunderstanding what's expected to happen

i am not a user of yours, i am a customer of one of your users, instacart.

i tried to place an order for one of my staff across the country and fell afoul of fraud detection. inherently this is reasonable: it was a new address in a state they'd never seen before.

i am expected to present my card to my webcam, which i'm happy to do.

problematically, on three different computers so far, the camera's picture is horizontally flipped.

as a result, i am unable to cause the thing to recognize.

i have tried this from two PCs and a mac.

i wish to make the case that the web app should have the capability to horizontally flip its capture image. this is an increasingly common design choice on modern laptops for the sake of video conferencing naturality.

i do not know how to move forwards at this time.

there appears to be no fallback path and i am scared that plausibly i may be practically locked out of your other users' systems too.

Ah okay so this is specifically with card scanning

yes. i am of the opinion that a successful card scanning system must have horizontal flip.

i am also of the opinion that having no fallback path here is problematic.

i don't know what to do.

i am unable to use about a dozen services i pay subscription fees for at this time, and i have to rent cars to go grocery shopping

the hard finality of this fragile technical solution seems frankly quite inappropriate to me.

i am unable to use this from a flagship android device, a flagship windows device, and a flagship macintosh.

Got it. So this is a private beta feature at the moment. I do think this is great feedback and it makes sense to have a horizontal scan. That said, since this is a public server I can't discuss private features here. The best thing for you to do is actually to reach out to the merchant you are trying to purchase from (Instacart in this case). They can then work with us on their integration and improving this feature. And most importantly they can provide you a workaround to be able to purchase from them.

sorry?

this has been in active use by many of your customers for almost a decade

i implemented this at tilt in i want to say 2015

if you believe i'm talking about a beta feature then i have poorly communicated what's happening

this is stock stripe and has been for ten years

Hmmm where you are scanning a card with your device?

no

it's a webcam

not card scanning. webcam image capture.

i've tried it from two laptops and a desktop

one's a surface and one's a mac. the desktop has a brio, the most popular 4k camera by leagues

these are the very most common and mainstream devices available

i'm on your mainline unlock process and i'm locked out of a dozen vendors with apparently no recourse due to a frontend bug

and if i wasn't a programmer i doubt i could even communicate how i was stuck

it's locked me out of 500/mo in services that i can't replace

Hmmm that isn't really a feature that we offer as far as I know.... do you have a link to any documentation about it? What makes you think this is Stripe feature?

uh.

really?

It wants you to scan a credit card here?

Not your ID?

Correct?

Or are you talking about an ID?

the card.

instacart says they're getting it from you.

you're who handles their payment stuff.

i'm locked out of other stripe things.

Okay one second, let me double check.

Okay thanks. So got more information. I wasn't aware of this flow since it is purely an account recovery flow that I don't really interact with much as I focus on integrating the API for payments. I do appreciate you flagging this and I'm going to raise the issue internally. Do you know your Stripe Account ID? Can you also share the details about your device (OS + model) that you tested with?

i don't know my id, no

the devices in question:

1. surface go 2 business lte with win10 home 64, using stock in-device camera

2. 2016 macbook pro using stock in-device camera

3. windows 10 piecemeal desktop. random gamer rig from newegg from four years ago. logitech brio 4k UHD webcam. stock logitech drivers, no magic config.

i can ask instacart support for my stripe id maybe? they're pretty bad though, no promises

recommended remediation:

1. easy version, done tomorrow:
   1a. add a button next to your camera swap button
   1b. capture the camera image to canvas (you're almost certainly already doing this anyway)
   1c. when button is engaged, h-flip on ctxTransfer

2. high quality version, done in a month:
   2a. make comparison against regular
   2b. if comparison fails, automatically also try the flipped version
   2c. there is no practical scenario in which providing attack data h-flipped is meaningfully more powerful than just providing it straight
   2d. therefore this obviates the button and you can just take it back out

i did try h-flipping in a virtual camera in obs, but the resulting picture was too low quality 😦

Thanks for all the details.

I'm flagging internally now.

ty

i'm sorry to do this on your dev discord. i wasn't able to find a regular path. i did try

also today i learned that when jarvis says "bismarck bismarck" at random when he's rapping, he's talking about some cool guy or gal at stripe

angling for "weirdest non-ugly comment of the month"

lol

Sorry you didn't get a more prompt response from Support. That generally would be the right channel for something like this, but if the scan flow itself is broken then flagging here for that is good as well.

so you don't have to find it, not that you'd try, because he's a double nobody: https://www.youtube.com/watch?v=ZIvlF6UBBWs

Okay I just flagged internally. I'll let you know once someone has a chance to look.

@rapid dagger you still around?

Just wanted to update you that our Eng did note that this looks like a bug and they are working on fixing asap.

yay

thank you

strongly held opinion: neither h-orientation is actually "correct". end user needs a way to voluntarily toggle, or for it to just automatically work in either orientation simulataneously.

Hmm actually @rapid dagger got an update: After further investigation, the horizontal flip that the user is mentioning is not a bug but intentional. We did this so that on cameras facing the user, moving the card to the user's left moves the card left on the image as well which helps users line up the card in the frame. The numbers on the card will appear backwards, but the images we capture are not actually mirrored, so we can view them normally. The flip only happens at the UI layer. The root issue seems to be the user having difficulty scanning the card and likely independent of the horizontal flip. We can introduce a button that allows the user to turn mirroring on or off, but it will not affect the quality of the capture. One of the cameras they have mentioned is a pretty high quality one so there may be other factors affecting the scan such as the card number being worn out or poor lighting. Could we this out from the user?

Was your lighting good? Could you try again with some bright lighting?

my lighting is fine

i'm under skylights in the middle of the day and also i have photo lighting

it's not user difficulty 😐

i'm sorry that the programmer chose to cosplay things into the story that aren't actually there

most users find that kind of thing pretty offensive

anyway, i see their rationale, but, uh, the user thinking the card is inverted as the cause for the system sort of blindly failing with no user state seems a much clearer user story than "we decided that they can't figure out moving left/right"

if they really think that poorly of us, they could show it both ways at once?

all i know is i have a crystal clear picture of my credit card and it's not being scanned, and the way you display it to me is conceptually unlike the way this image works in the real world, so your choices give (to me at least) very much the wrong impression

Yeah thanks for the feedback.

Let me check on recommended path forward in this case

i'm even willing to send you a screencap of your webcam cap (not by email for obvious reasons)

since i figure you can almost certainly look it up in the database anyway if you want to

so that you can confirm that this isn't, like, the "enhance" hubcap thing from CSI

ha, ha. you just heard them say that in your head. cursed

Okay yeah if you can DM me a screencap with your name, expiry, middle 6 digits of your card number redacted, and CVC redacted then that would be very helpful.

To be clear: all personal data redacted other than first 6 and last 4 of card number

If you don't want to do this over DM/Discord then we can open a Support ticket as well to handle this.

@rapid dagger just dinging to make sure you see the above. But no rush

sorry was on the phone, back, doing

cvc's on the back. need both sides?

@arctic steppe

Checking

Nope just the card number side @rapid dagger

ksec

great now i can't even get the verify account flow to come up anymore

do you need just the card, or the card in the ui flipped

Sounds like even just a photo of the card would be a good start

ksec

"your message could not be delivered" thanks discord

lol friending the stripe dev

Try again now

Thanks

Alright I'll ping you when I hear anything

(Eng is looking)

ty

@rapid dagger I haven't heard back yet from Eng on the investigation. You want to move over to email? Or I'll be around tomorrow and I can let you know what they find then?

i can wait a day

thank you for following up