Parth R. Jangid (Pseudo Bugs) | Stripe Developers | Page 1

autumn coyoteBOT Jun 15, 2023, 10:42 PM

#

pulsar birch Jun 15, 2023, 10:42 PM

#

Hello! To clarify, you're handling the raw card data yourself? Are you fully PCI compliant?

desert lodge Jun 15, 2023, 10:43 PM

#

I am actually not complaint!

#

Is there a way through which I can safely send the card details that the user enters using STPPaymentCardTextField and then use those details to attach the card to the user?

frosty sonnet Jun 15, 2023, 10:47 PM

#

im not a stripe employee... but i had the same issue. i solve it by checking if the customer object has a card with identical fingerprint.
You can get fingerprint in paymentMethod.Card.Fingerprint
According to stripe docs, fingerprint is
Uniquely identifies this particular card number. You can use this attribute to check whether two customers who’ve signed up with you are using the same card number, for example. For payment methods that tokenize card information (Apple Pay, Google Pay), the tokenized number might be provided instead of the underlying card number.

reference: https://stripe.com/docs/api/cards/object

pulsar birch Jun 15, 2023, 10:48 PM

#

We recommend using the PaymentSheet on mobile if possible: https://stripe.com/docs/payments/accept-a-payment?platform=ios&ui=payment-sheet

desert lodge Jun 15, 2023, 10:48 PM

#

frosty sonnet im not a stripe employee... but i had the same issue. i solve it by checking if ...

Yeah the fingerprint is same both cards in my case that shall help.

pulsar birch Jun 15, 2023, 10:49 PM

#

Using the Mobile SDK's STPPaymentCardTextField should be generally fine when it comes to PCI, but you shouldn't be sending raw card details to your server, only to the Stripe API. More details about PCI compliance here: https://stripe.com/docs/security/guide#validating-pci-compliance

#

Look under the Mobile SDK tab there.

#

Can you tell me more about where you're seeing the duplicate attachment?

#

Or can you give me a Customer ID so I can investigate?

desert lodge Jun 15, 2023, 10:53 PM

#

Yes the customer id is cus_O2cK7KonnxAZ0g.

pulsar birch Jun 15, 2023, 10:55 PM

#

Okay, first, it looks like you're making some API calls to directly attach Payment Methods to this Customer. You shouldn't do that; the best way to attach a Payment Method to a Customer is with a Setup Intent or a Payment Intent with setup_future_usage set.

#

You did it the right way here, with a Setup Intent: https://dashboard.stripe.com/test/logs/req_LBLjaA8IWd62Pz

desert lodge Jun 15, 2023, 10:56 PM

#

Oh

pulsar birch Jun 15, 2023, 10:56 PM

#

That request to confirm the Setup Intent attached the Payment Method to the Customer.

desert lodge Jun 15, 2023, 11:01 PM

#

Oh I see. Thanks!

pulsar birch Jun 15, 2023, 11:02 PM

#

The typical approach, at a high level, is to create a Setup Intent, specify a Customer for it, then confirm that Setup Intent client-side with payment details provided in a Stripe UI component. Upon successful confirmation the Setup Intent will attach the Payment Method it creates to the Customer.

desert lodge Jun 15, 2023, 11:06 PM

#

Makes sense and if someone tries to attach the same card again then it will not attach it to the customer again and rather give an error correct?

pulsar birch Jun 15, 2023, 11:09 PM

#

That depends on what you mean by "same card". If you mean the same Payment Method object, then yeah, you'll get an error. If you mean someone types in card details, those get attached, then separately they type in the same card details, a different Payment Method is created, and that gets attached, that can happen.

#

You can tell if two Payment Method objects represent the same card by looking at the fingerprint: https://stripe.com/docs/api/payment_methods/object#payment_method_object-card-fingerprint

desert lodge Jun 15, 2023, 11:12 PM

#

Understood. Thanks!

#

Just one more question, do we have any method .createPaymentMethod if so can I use this to safely send my card details to server?

#

my own server*

pulsar birch Jun 15, 2023, 11:21 PM

#

The short answer is yes. The long answer is that it depends. If you want to use the PaymentSheet on mobile to generate a Payment Method I recommend you sign up for this beta: https://stripe.com/docs/payments/accept-a-payment-deferred?platform=ios

#

No, wait, that's the wrong link...

#

This one: https://stripe.com/docs/payments/finalize-payments-on-the-server?platform=ios

#

You can look at the web version of that guide to get a general feel for how that flow works.

desert lodge Jun 15, 2023, 11:24 PM

#

Sounds good thanks!

#

I have one more question if you don't mind. So if I pass setup_future_usage: 'off_session' while creating the payment Intent then it will process the payment and also attach that method to that customer correct?

If so then can I get an access to that payment_method's id, last 4, exp month and date? If yes then how?

pulsar birch Jun 15, 2023, 11:33 PM

#

Yep, that's correct. All of those details will be on the resulting Payment Method.

#

https://stripe.com/docs/api/payment_methods/object#payment_method_object-card

#Parth R. Jangid (Pseudo Bugs)