WEeZzEe | Stripe Developers | Page 1

hidden urchinBOT May 22, 2023, 11:32 AM

#

cerulean ice May 22, 2023, 11:33 AM

#

hello

lime oasis May 22, 2023, 11:33 AM

#

Hi,
Nope. Checkout Session are for single use/payment attempt

#

Are you facing any particular issue regarding limits?

cerulean ice May 22, 2023, 11:33 AM

#

yes

#

so basically i was hit by a card testing scam

#

i already have captcha on my website which have inline form based stripe checkout

#

as it is hosted on my website i can add captcha in it

#

but a customer asked a payment link from me few days ago , and he tried card testing on it

#

as the payment link page is hosted on stripe website i have no control over it and i cannot add captchas in it

#

like this one i can add captchas its easy to implement with a plugin

lime oasis May 22, 2023, 11:36 AM

#

cerulean ice but a customer asked a payment link from me few days ago , and he tried card tes...

You can configure Radar for this kind of cases I think:
https://stripe.com/docs/radar
But PaymentLink should also prevent this detect this at a point, and Stripe will block them...

cerulean ice May 22, 2023, 11:36 AM

#

yes radar blocked all the payments

#

not a single payment went through

#

but isnt there a way to just add a rate limit or captchas to the stripe checkout page which is hosted on stripe

lime oasis May 22, 2023, 11:37 AM

#

cerulean ice but isnt there a way to just add a rate limit or captchas to the stripe checkout...

No you can't.

cerulean ice May 22, 2023, 11:37 AM

#

after the customer tried card testing my dashboard was filled with blocked payments

lime oasis May 22, 2023, 11:37 AM

#

Stripe will block any potential suspicious behavior

cerulean ice May 22, 2023, 11:37 AM

#

😛

#

somone from support told me this was possible

#

#

is there a way to reduce the allowed session time , like if the customer doesnt complete the payment within 1-2 minute the session expires?

lime oasis May 22, 2023, 11:40 AM

#

I think, they are talking about your checkout flow (implementation)

#

CPATCHA are already a built in feature in Checkout Session,
https://stripe.com/docs/payments/checkout#built-in:~:text=SCA-ready-,CAPTCHAs,-PCI compliance

#

You can't add another by your own

lime oasis May 22, 2023, 11:42 AM

#

cerulean ice is there a way to reduce the allowed session time , like if the customer doesnt ...

You can set expiration, but the min is 30min:
https://stripe.com/docs/api/checkout/sessions/create#create_checkout_session-expires_at

cerulean ice May 22, 2023, 11:52 AM

#

ok thank you so much @lime oasis

#

is there anything you would suggest i can do from my side to deal with card testing? something which blocks before them going to the stripe checkout page only

glass hollow May 22, 2023, 11:53 AM

#

Hi! I'm taking over from my colleague. Please, give me a moment to catch up.

cerulean ice May 22, 2023, 11:54 AM

#

ok

#

sorry for making it so long

#

glass hollow May 22, 2023, 11:55 AM

#

I think it'a best to ask Stripe Support: https://support.stripe.com/?contact=true
But if you load Stripe on all your pages you can make use of https://stripe.com/docs/disputes/prevention/advanced-fraud-detection

cerulean ice May 22, 2023, 11:55 AM

#

the card tester tested over 200 cards in single go

#

so i need to include this script all over my website for better fraud protection?

#

#

@glass hollow thanks ill do it

glass hollow May 22, 2023, 12:01 PM

#

Correct.

#

Happy to help. Please, let me know if you have any other questions.

#WEeZzEe