#Jose |

Yes unfortunately card testing can be easy, the main ways to reduce card testing vulnerability are to restrict when your public key and client secret are sent over or to restrict how many times a client secret can be used https://stripe.com/docs/disputes/prevention/card-testing

We also have a beta for a different flow that would allow you to disable client side confirmation altogether which would greatly reduce this vulnerability. It is a decently different flow than the current one but it may be worth keeping in mind https://stripe.com/docs/payments/defer-intent-creation-confirm-server

That new flow would be extremely helpful. I applied for the beta.

Thank you for the advice.