#Bob the builder

Hi there!

Give me a few minutes to look into this.

Sure

If it makes a difference, I think that's a virtual card.

Hey! Taking over for my colleague. Let me catch up.
The first request is from a Setup Intent, meanwhile the second is by the token API, using Stripe JS

Yes

When the first one failed, a user did the 2nd request using a different flow

Both requests are also against different accounts. Payment method (setup intent?) from the 1st request was intended to be moved from a platform account to the connected account.

And the customer was charged from the second request using the second flow ?

There havent been any payments attempted yet

Only the details saved

Against this specific card I mean. There have been other payments done using the 2nd flow

The different is that using SetupIntent, the resulting PaymentMethod is** authenticated and saved** meanwhile, using the token API, the card is** just saved and not authenticated**
That's why the first request (using SetupIntent) failed, because the card is declined. If you try to charge the second card then you probably should get a card_decline error also, unless there is something changed in the card's issuer side

The token was later used to create a setup intent req_1SF5zVJ5oW4LJh - was it not authenticated then?

Follow up question - is it possible to do authentication when creating a token, or when using a token to create a setup intent?

Yes it's authenticated after this request. So maybe the customer should just retry using their card later

Nope, in order to authenticated the card and save it at the same request, you need to use SetupIntent

But then why the first authentication failed, and the second one succeeded?

I dont know what authentication refers to here - is it the card issuer that rejects it, or only stripe?

The card issuer rejected the attempts, according to the code error which is card_Declined and the decline_code which is do_not_honor
https://stripe.com/docs/error-codes#card-declined
https://stripe.com/docs/declines/codes#:~:text=an unknown reason.-,The customer needs to contact their card issuer for more information.,-do_not_try_again

Oky thanks for the information

Follow up question - authentication is only pinging the card issuer if the card is valid? There are no authorization charges done?

You mean additional fees ?

I mean, some services I've noticed do a 1€ authorization thats immediately refunded

Is that considered part of authentication?

Sorry, but we don't know a lot about fees/additional charges here, I'd recommend you to ask this for Stripe Support at https://support.stripe.com/contact