#cadu-paymentintent-3ds

req_aiT3NvSJAvxHkl this is the ID from request of creation the payment intention

HI 👋

requires_action usually means the customer needs to provide some sort of authentication

this is the ID of confirmation request req_GHjsAz5mXQRpl2

and it failed at capture action: req_1df6xYV11HydPA

Yup, you need 3D secure

what is the 3D secure?

https://stripe.com/docs/payments/3d-secure

The issuing bank for this card has requested additional authentication from the card holder and you cannot process the payment intent further until the card holder authenticates

is there any way to active a flag in payment intent creation to pass through this?

@kindred ivy what do you mean "active a flag"

cadu-paymentintent-3ds

like in payment intent creation i choose to pass throught this or not

or that's a security protocol that cannot be skiped?

pass through what?

3DS is required by banks in many countries

So really, if you want to accept online payments you have to handle 3DS

because after the 3DS step I'll need to capture this payment intent

but it comes with status "requires_action"

and capture method just accepted "requires_capture" to work properly

I understand that part but you can't do something after 3DS if you haven't done 3DS yet

What you need to do is when you call the Confirm PaymentIntent, if 3DS is required then you need to go and get your Customer back on your app/website to properly handle 3DS

you also likely didn;t collect card details properly as that card PaymentMethod is from back on Aug 10 where you seem to have called the Attach PaymentMethod API https://stripe.com/docs/api/payment_methods/attach instead of using SetupIntents

hmmmm

i'm reading the docs

whats the url to three_d_secure that i provide to the client?

You don't provide any URL

next_action: {
type: 'redirect_to_url',
redirect_to_url: {
url: 'https://hooks.stripe.com/...',
return_url: 'https://mysite.com'
}
}

You're supposed to use one of our hosted UIs like PaymentElement to handle all of this

redirect_to_url.url

Yeah that exists but no one should use it this way unless they are extremely advanced. You seem more confused with how the basics of our products work so I would highly recommend reading our basic quickstart first https://stripe.com/docs/payments/accept-a-payment?platform=web&ui=elements to understand how to collect card details

nope

i got it

in my system I create all payment flows

payment intent creation, confirmation and captured methods

but some cards do not pass into 3DS

so it raised an exception

sure which means you didn't get it right?

when its passed because i do not treat this

Or do you mean you already do 3DS on card collection?

I don't think you do since you use the Attach PaymentMethod API which is rarely used

for the cards

i create a payment method type card

after that I attach this card to an customer

and used this payment method id at confirmation of an payment intent

yeah that's what I am saying

you are not following any of our guides if you do that, and it'll never handle 3DS properly

1/ Create a PaymentIntent (to accept a payment immediately) or SetupIntent (to collect card details for future usage)
2/ Use PaymentElement to confirm the PaymentIntent or SetupIntent
^ this does 3DS and will properly attach the card if you configure it properly
That's why I shared our detailed docs which you aren't following

is there any way to do wihtout using elements?

i want to do it at server side of my application

How are you collecting card details without Elements? Are you doing all of PCI yourself as a large company?

i work at a software house that's developing an app to a big company

so they got the data from pagar.me

and migrate it to stripe recently

that's it, i do not want to retrieve the details, i create an payment method that give me back its id, so I use the id to create confirm a payment intent that was created for that client that had the card (payment method)

that's it, i do not want to retrieve the details, i
what does that mean though? Who created that PaymentMethod? With which code? Are they doing 3DS? If they aren't then you will have to

that is an ID from an purchase that worked, could you check if its pass through 3DS?

request id: req_WOZFnmmUJ49pXm

you can check all of this yourself as the developer. All the details are in the Dashbord and the API

for this request, i received this field at the response:

"three_d_secure": null,

okay so taht means 3DS didn't happen right?

right

I'm sorry I'm worried we're running a little bit in circles here due to an overall misunderstanding

3DS is required in many countries (like most of Europe). In other countries, it's up to the bank. Some bank will require it, and you, as the developer, have to handle this

my english is not so good, i'm trying to keep up 😅

my bad

ah no worries, your English reads totally fine at least

whenever a bank requires 3DS (or we do), you get to status: 'requires_action and you have to make sure your Customer comes back to your website/app so that they can do 3DS as required.
Does that part make sense?

make total sense

Okay, so in theory, what should happen is that you do 3DS when you collect card details upfront. But you mentioned you don't collect card details, a "partner" does?

sorry for this miscommunication, we do collect it, but just for the new purchases since noew.. About the previous data a third party company that collected it

Sorry that part I don't understand what that means. That card you shared earlier was collected on Aug 10.

That was collected for a partner

we just migrate the data to stripe

Ah gotcha

hmmmm that's not what I'm seeing though

That app works in other plataform(vtex), and now we're creating an custom solution for them

we have that from them and created at our plataform

if the PM id prefix starts with card_ that's migrate data

yeah that doesn't really makes sense

if its start with pm_ that's the new one

card_123 work totally fine

I'm a bit worried you're mixing up everything with our API unfortunately

https://dashboard.stripe.com/logs/req_CBHUWNGAGUBf6Y this is you writing code and creating that card PaymentMethod object with raw card details in Node.js on your server, right?
This means you have the raw card details. This also means you broke PCI compliance rules by doing this yourself

yes, that's from our application

but we do not store at our database

any data from customer

just the payment method id

I mean you did have it, you broke the rules, this is quite bad in theory

you should never have raw card details on your server, whether you store them or not

and we do not have it

you did at the time you made that request

which the rules forbid

and how can I register an card at stripe?

its not using payment method?

still don't get it

because at the application database we only store this:
"id": "pm_XXXXXXX",

and use it to confirm a payment intent

@kindred ivy PCI rules govern what you can do as a company with card details. One of the rules is that card details should be collected securely client-side and never on your server

so i have to do this request at the frontend

and did a patch to update my databse with stripeId

https://stripe.com/docs/security/guide#validating-pci-compliance

you have to ask your customer to enter their own card details in the browser, yes. You should never do this for them

the customer write his card number, cvc and whatever about his card.. we did not do this, we just migrate data from other company. And at our database we just have id from payment method id

its a checkout screen

yeah sorry again we're going in circles

Who entered those card details? The customer that owns the card? Or your own team during the migration?

the customer that owns the card which are flow from an ecommerce

let me ask my collegue about migration but i guess it was handled by you guys, bring card info from pagar.me to stripe, i guess we not participate from that

@kindred ivy you might be better off talking to our support team at this point