#jensen

Good question, looking in to this and will get back to you with what I can find

Thank you, I seem to get a request to input a 6 digit code everytime I make a transaction on one of my issued cards. However, I want mass use these cards sometimes (say 1000 transactions within a short window)

So with the 3D secure it’s not possible to do so

I know of people who use there cards for similar purposes and do not have to input the 3D secure codes who are also from the UK

I’m ultimately looking for a way to have the 3DS turned off/removed or alternatively a way to have the codes mass inputted via the API

Hey I am still looking in to this. Haven't been able to find much myself but am reaching out to colleagues and will get back to you with what I can find

Thank you very much

Thanks for the patience. It looks like you can remove the contact info on the card and that will un-enroll it from 3DS https://stripe.com/docs/issuing/3d-secure#when-is-3d-secure-applied:~:text=Cardholders without a,them from 3DS.

So even if I am in the EU this will work ?

I’m actually in UK but I’m fairly sure it falls under the same law

👋 stepping in here

👋 appreciated

It will work in that 3DS won't be enrolled for the card but that card will start seeing a high rate of declines if it falls in-scope for SCA

So I would not recommend doing this if you are EU/UK based

Would 1-2 transactions per card on say Nike for 100-200 “fall in scope for SCA”

Is there perhaps an alternative where the mobile codes could be mass approved via the API ?

SCA is mostly based on where the cardholder and the merchant are located

See: https://stripe.com/docs/strong-customer-authentication

So if you are paying EU merchants and are an EU card holder then you are in-scope for SCA

And no, you can't approve this via the API. The whole point is a security measure where this has to be handled

Right that makes sense, so is it will just auto decline if attempted ?

It’s odd because I have friends who have cards that do not require 3DS on the stripe platform

If it is in-scope for SCA then yes we are required to force 3DS

So yes it would be declined for "authentication required" if 3DS isn't completed.

Are your friends paying merchants outside of the EU perhaps?

Nope they are UK based paying a UK based merchant, my only theory is they created the cards prior to law change

Hmm yeah I'm not sure. Can't really say without seeing the specific examples

They are just making transactions on sites like Nike GB, around a few thousand transactions in 15 minute period for example. It wouldn’t be possible to do that many transactions if 3DS was present

Hmm that sounds like the card is getting stored by Nike and then they are charging it off-session

Off-session charges get exempted from 3DS as long as the card is saved properly the first time

Are you sure? Like as in the card being saved on the account ?

Each transaction is purchasing a pair of shoes

All depends

Like I said, hard to say without seeing specific examples

How specific would you need to see ? I can try to provide them

I would need to see issuing authorization IDs

From my friends end ?

Yes if you want me to look at the specifics from our side in terms of those transactions

I also thought If I created cards outside of the UK/EU via Stripe would I be able to make transactions to a site such as Nike GB

I can try to get them those for you

Yes you can still pay international merchants unless they prohibit it on their end.

How would I go about making such cards outside of EU via stripe ? Would I have to make a new account with Stripe for a country outside of it ?

Afaik yes. This is getting a bit outside of the API at this point though and you may be better off corresponding with our Support team on this as I don't know all the intricacies with Issuing beyond how the API integration works.

Thank you. As for API based would there be any solution to 3DS?

That you can think of

No not really. This is a regulatory thing. It isn't meant to be "worked around"

I wouldn’t say so much workaround, I mean more of a way that you can automatically enter the codes sent to the phone number attached to the card

I do appreciate your help on this

Apologies for the questions

No need to apologize! We are here to help

But yeah, mostly you can't programmatically handle 3DS

The point is to ensure the person paying actually is the card holder

So it takes some amount of manual intervention

Yea of course, is there a alternative way of verifying, such as email maybe ?

And theoretically speaking if I did want to automate such process is it possible ?

Don't believe so. 3DS is generally phone OTP

I thought as much, I think my best solution may be to create a non EU account would you say ?

Imo the best solution is to just complete 3DS when it is requested 🙂

But if you really want to get around that then yes I think a non-EU account is the way to go. Would recommend talking to our Support team about that to ensure that will get around the 3DS request (I'm pretty sure it should but like I said not an expert on Issuing beyond the API)

Yea ideally that’s what I’d like to do, but it’s just not physically possible if your trying to do a few thousand transactions in a 3-15 minute period. I will contact support to see what’s possible

Hmm okay yeah I think I'm missing context here on how/why you are doing a few thousand transactions on one card with Issuing and getting prompted for 3DS each time. But yes, at this point it isn't really an API question and I do think you'll be better off working with our Support team for the best path forward

No sorry I should of explained better, it’s 1 transaction per card, but there’s a few thousand cards

By the sound of it, the application is trying to rig an auction system by programatically using 1000+ issued cards to get around one-card-per-customer limitations.

lol yeah I was going to say that isn't really something that makes a lot of sense

Like that could easily be a fraud attempt and is exactly why things like 3DS exists

Well, not exactly fraud necessarily - but certainly bypassing intent

Not fraud at all, it’s essentially shoe draws on Nike

I rather suspect whoever is running the auction would not approve the scheme

But, hey, there's a nice record here should any question come up.

On Nike they release shoes for say a 15 minute period, you can only purchase 1 pair per account/card

So in order to purchase more than 1 pair

You would need more accounts/cards

However at a scale you cannot approve that many transactions

When trying to get out of a hole, it is generally best to stop digging.

Sorry but I am not digging a hole

I’m abit offended that you genuinely think this is fraudulent

But yes as you say there is a record here

Which I will be referring to when contacting Stripe support

To clarify: I don't genuinely think this is fraudulent

Sorry for insinuating that

I’m not referring to you, don’t worry

I'm saying that a scheme like this could have a fraudulent nature and is why you are having a hard time getting around it

I do understand and can appreciate where you coming from though as it’s quite an unusual request

This does seem challenging due to the time frame

So yeah, quite unique circumstances

I do hope there is a way to handle it, but I admit I'm not sure of a current workaround. I hope our Issuing Support team may be able to provide you some further guidance.