evlj | Stripe Developers | Page 1

scenic marshBOT Mar 13, 2023, 8:58 AM

#

mint monolith Mar 13, 2023, 8:59 AM

#

Hi there!

#

How are you currently accepting payments? Checkout Session, Payment Element + PaymentIntent, something else?

scenic marshBOT Mar 13, 2023, 9:11 AM

#

silk magnet Mar 13, 2023, 9:37 AM

#

Payment element I believe

#

Custom API sorry, not payment element

mystic abyss Mar 13, 2023, 9:38 AM

#

we were advised to implement a better API to prevent card testing
Can you give more context about this ?
I am specifically looking for this integration Direct API integration with client and Customer signals
Do you have a public reference for this ?

#

Are you referring to this ?
https://stripe.com/docs/disputes/prevention/card-testing#optimize-integration

silk magnet Mar 13, 2023, 9:39 AM

#

Let me try to explain it, we are using this: https://stripe.com/docs/api/subscriptions/create to charge our customers

Stripe API reference – Create a subscription – curl

Complete reference documentation for the Stripe API. Includes code snippets and examples for our Python, Java, PHP, Node.js, Go, Ruby, and .NET libraries.

silk magnet Mar 13, 2023, 9:39 AM

#

mystic abyss Are you referring to this ? <https://stripe.com/docs/disputes/prevention/card-te...

Yes!

mystic abyss Mar 13, 2023, 9:42 AM

#

Yes and what it your question exactly ?

#

need to understand how to send client and customer singlas information toward API?
Customer signals refers to Customer information (email, name, billing address)
You can collect these information via Customers API:
https://stripe.com/docs/api/customers/create

silk magnet Mar 13, 2023, 9:44 AM

#

So we had someone use our system to test cards and that seems to be the issue. We were advised to update our API integration and the above link provided. I couldn't figure out how to send the client info with our request API

#

Customer signals is fine, we just need to add the billing address, the rest is there already.

mystic abyss Mar 13, 2023, 9:46 AM

#

Client signals are ip, user-agent that you collect from your integration if you want to use Direct API, and you need to add some rules to block any activity you consider suspicious, and prevent calling Stripe APIs from your integration.

#

Client info can't be send to Stripe APIs, your integration need to collect them, like from what IP your frontend made a call to your backend, keep tracking of each user activity and block suspicious calls

silk magnet Mar 13, 2023, 9:49 AM

#

Oh I see, so we will need to block these on our end and not the wise versa

#

I guess in that case it's easiest to setup the radar rules to prevent those from happening?

mystic abyss Mar 13, 2023, 9:50 AM

#

Yes of course, in that case you need to use Stripe Elements

#

And set this radar rule for example
https://stripe.com/docs/disputes/prevention/card-testing#radar

silk magnet Mar 13, 2023, 9:52 AM

#

Great, I believe we can do that. Would you also recommend adding the rate limit? We can try that first

#

Currently we don't have any as it was recommended almost a year ago, can't remember why exactly

mystic abyss Mar 13, 2023, 9:55 AM

#

Yes rate limiters are good approach too:
https://stripe.com/docs/disputes/prevention/card-testing#rate-limits

#

In general any suggestion here will certainly helps preventing card testing:
https://stripe.com/docs/disputes/prevention/card-testing

silk magnet Mar 13, 2023, 10:03 AM

#

Great, thank you very much!

mystic abyss Mar 13, 2023, 10:03 AM

#

Np!

scenic marshBOT Mar 13, 2023, 10:25 AM

#

#evlj