#bachir

https://stripe.com/docs/disputes/prevention/card-testing#prevent-card-testing has some pointers

I read that ! I was just wondering in the meantime, is there a way for us to stop the users currently spamming Stripe from the dashboard ?

Also, I didn't see it mentioned, is moving the confirm PI call to the backend is considered a good practice or it won't help much ?

you could cancel the PaymentIntent they're using or roll your public key ,but that won't stop them if they can just get to your website and get another client_secret easily

only helps as much as you secure access to your backend, if I can submit an unauthenticated request or multiple requests from the same IP hundreds of times a second with no block/captcha to your backend /pay route that confirms the PaymentIntent, I can still do the same type of attack

Indeed.

How does using Stripe Elements vs using regular integration makes Stripe better at detecting card testers ?

not sure I can answer that really

no worries, thanks for your help

Although here I don't understand because Stripe tells me the default Radar rule has blocked the payment, but the user can still re-use the PI to test a card.

How do I truly cancel the PI ? Is it possible from the dashboard ?