#newtreyes

hello!

Hi

this is for a Standard acct?

Standard Connect acct

Custom Connected acct

I think you do this by setting this field on the connected account: https://stripe.com/docs/api/accounts/update#update_account-settings-card_payments-decline_on-cvc_failure

can you fetch and see what it is for that account?

Let me check

Ok

When retrieving the connected account, I am not getting any settings info

Am I missing something?

What type of connected account is it? Custom? Express? Standard?

Custom

Hm. Are you using your secret API key to retrieve it? Not a restricted key or anything like that?

Oh, what API version are you using?

I'm guessing it's something prior to 2019-02-19?

Not restricted

https://stripe.com/docs/upgrades#2019-02-19

In versions prior to that settings doesn't exist.

Mmmmm

I am not setting the version

If you're not setting a version the default API version on your account is used.

More info here: https://stripe.com/docs/upgrades#how-can-i-upgrade-my-api

where can I see that

https://dashboard.stripe.com/developers

🙂

Note that you should not upgrade your default API version unless you're 100% certain your integration is ready for the change.

Upgrading is dangerous, and can break things.

You can instead specify an API version in the Stripe-Version header when you make a request.

So, this means that CVC is not actually checked for this account as of right now correct?

Or, it is checked but if failed, the payment still goes through

That means if the CVC check fails but the charge is otherwise authorized the charge will succeed.

If you want the charge to decline when the CVC is wrong you need to set cvc_failure to true.

Is it possible to override this setting by means of radar rules?

You could write a Radar rule that did the same thing, but it wouldn't override this setting. It's more like it would live alongside it.

Mmmmm

QQ: Is false the default value for cvc_failure when creating a connected account?

I believe it is, yes.

What's your overall goal?

Like your original quesiton was, "We would like to disable CVV validation for a specific Connected Account." but it sounds like there's more to it than that?

Well, our customer wants to disable CVC check. We wrongly assumed that this was enabled by default and wanted to disable it. Now, we found out this was disabled by default so none of our connected accounts are checking for CVC.

So in a sense, yes... we just found out that there is more to it than what we originally thought

🙂

Gotcha. I recommend keeping it simple and updating that settings property unless you need more advanced functionality with a more complex Radar rule.

Yes

Got you

thank you @round yacht

Happy to help!

One thing I should probably flag is that I believe the default for this changed at some point. You might have older accounts with this enabled. Let me see if I can confirm that...

Just checked our oldest connected account and it is still set to false

Any reason why that was set to false by default? Isn't that less secure by default?

I'm not certain why the decision was made.

Ok

Again, thank you very much for all your help sir