beinggandhi | Stripe Developers | Page 1

flat lavaBOT Nov 2, 2022, 11:52 PM

#

cyan lagoon Nov 2, 2022, 11:53 PM

#

Hi, can you add more details here?

arctic canyon Nov 2, 2022, 11:55 PM

#

true rain Nov 2, 2022, 11:56 PM

#

Hello! I'm taking over and catching up...

arctic canyon Nov 2, 2022, 11:56 PM

#

sample request Id : req_yPEchF8LB2YHiJ

#

sample payment Intent. : pi_3LwuRXHaof0IjCDr1EnCuwyk

#

    paymentIntent = stripe.PaymentIntent.create(
        amount=50,
        currency="usd",
        setup_future_usage="off_session",
        customer=stripeCustomerId,
        payment_method_types=["us_bank_account"],
        payment_method_options={
            "us_bank_account": {
            "financial_connections": {"permissions": ["payment_method"]},
            },
        },
    )
    stripeData = {}
    stripeData['paymentIntent'] = paymentIntent

true rain Nov 2, 2022, 11:58 PM

#

What you're seeing is normal and part of our Financial Connections instant authorizations approach. If you don't want to use instant verifications you can set verification_method to microdeposits to use microdeposits only: https://stripe.com/docs/api/payment_intents/create#create_payment_intent-payment_method_options-us_bank_account-verification_method

arctic canyon Nov 2, 2022, 11:59 PM

#

I want instant verification

#

but if customer is making a payment through ACH, why does stripe need to know all account list , their balance and their transaction

true rain Nov 3, 2022, 12:00 AM

#

Then your customers will see that page and will need to grant those permissions. That's how instant verification works.

#

The access in question is how we perform instant verification.

arctic canyon Nov 3, 2022, 12:02 AM

#

can customer revoke Stripe's access to this data once the payment is done.

#

does stripe read the account balances or other transactions . and is it shared for other Stripe Products

#

optional
The list of permissions to request. If this parameter is passed, the payment_method permission must be included. Valid permissions include: balances, ownership, payment_method, and transactions.```

#

when we use permission as payment_method , why is it asking for balances and transactions

#

    paymentIntent = stripe.PaymentIntent.create(
        amount=50,
        currency="usd",
        setup_future_usage="off_session",
        customer=stripeCustomerId,
        payment_method_types=["us_bank_account"],
        payment_method_options={
            "us_bank_account": {
            "financial_connections": {"permissions": ["payment_method"]},
            },
        },
    )

true rain Nov 3, 2022, 12:06 AM

#

Customers should be able to revoke access, but I believe it's up to the customer's bank to support that feature, so I don't think we can guarantee it.

There's more information here: https://stripe.com/docs/financial-connections/ach-direct-debit-payments

#

And here: https://stripe.com/docs/financial-connections/fundamentals#data-permissions

arctic canyon Nov 3, 2022, 12:08 AM

#

If I am reading the document correctly, if we ask for permission for payment_method only

Screen_Shot_2022-11-02_at_5.08.38_PM.png

#

only tokenized account and routing number need to be shared.

true rain Nov 3, 2022, 12:15 AM

#

I believe the other permissions are required for the instant verification piece.

arctic canyon Nov 3, 2022, 12:16 AM

#

Can you confirm this

#

the oAuth using banks login should do the instant verification

#

Is there a chance that the banks have a single warning they show irrespective of what permissions were asked for ? But how can we convince the customer that we dont have access to all their transactions

true rain Nov 3, 2022, 12:20 AM

#

Give me a few minutes to dig into this...

#

Okay, we've confirmed the permissions requested with payment_method permission only should only request the account details (you can see this happening in test mode, for example). It could be that this bank is displaying the incorrect info... do you know if this is happening across multiple banks, or is it only happening with US Bank?

arctic canyon Nov 3, 2022, 12:33 AM

#

multiple banks

true rain Nov 3, 2022, 12:35 AM

#

Do you have any other screenshots from other banks? And can you confirm the banks are saying these permissions are being granted during the connection/verification process?

arctic canyon Nov 3, 2022, 12:35 AM

#

Yes

#

I dont have other screenshot but this customer https://dashboard.stripe.com/customers/cus_LmWPBzotXMCuif

Stripe Login | Sign in to the Stripe Dashboard

Sign in to the Stripe Dashboard to manage business payments and operations in your account. Manage payments and refunds, respond to disputes and more.

#

I remember had tried to signup ..later ended up giving us a cheque

#

we thought people would not notice the sleight of hand that stripe is trying to pull off, but at this point this is becoming a recurring theme for any customer who is somewhat attentive to what he/she is signing up for

#

Screen_Shot_2022-11-02_at_5.35.42_PM.png

#

Considering that financial_connections is a preview feature are you sure there is a no bug on Stripe side where it defaults to asking for all the permissions

true rain Nov 3, 2022, 12:40 AM

#

That's what I'm trying to determine. I was hoping you would have further examples in the form of screenshots, but we're still investigating on our end...

arctic canyon Nov 3, 2022, 12:45 AM

#

I am going to a new customer for signup today at 8:30 pm PST , he has BOA so we will know whats going on in production

true rain Nov 3, 2022, 12:51 AM

#

One thing we're confused about is that the screenshot you shared above seems to be a generic page on US Bank's site, not something that shows up during the instant verification process in our modal. Can you clarify what specific part of the process that screenshot is from?

arctic canyon Nov 3, 2022, 12:53 AM

#

after the banks login page

true rain Nov 3, 2022, 12:55 AM

#

Is this a recent change, or has it always been this way? Or is this a new integration?

arctic canyon Nov 3, 2022, 12:58 AM

#

I just did the onboarding with my personal chase account

#

And I see the same issue

#

#

#

#

#

#

#

#

You can see earlier that in 2nd and 5th image, it is asking only for account number

#

and all of sudden things change

true rain Nov 3, 2022, 1:03 AM

#

Yep, we're seeing the same. Investigating further now...

#

After further investigation we've found this is expected behavior. Most banks don't provide granular permissions access, so the banks are surfacing the permissions Stripe gets. However, what happens is you only get the permissions you request from Stripe. In other words, Stripe will not share more than what's shown in the 2nd and 5th screenshots in your flow above with you, even though Stripe itself does have access to more (because we can't request less).

#

There's more information here: https://support.stripe.com/user/questions/what-data-does-stripe-access-from-my-linked-financial-account

Although most financial institutions provide Stripe with access to all of the data associated with your accounts, we will only use your financial account information as outlined in our Privacy Policy. We also protect your financial information by only giving your merchant access to the financial information types they’ve specifically requested—and only if you have consented to share that financial information with them through the authentication flow. If your merchant would like to access additional types of data from your account in the future, they will need to obtain your permission.

arctic canyon Nov 3, 2022, 1:27 AM

#

If customer does manual verification , would stripe get access to the same data

#

I guess no. But still we are able to store the payment method.

#beinggandhi