#benomatis

pure sequoiaBOT
calm canyon
#

Hello! I'd guess that the customer opted to save the PM in the Payment Sheet via the checkbox

slow yew
#

yes, I understand why it's happening, the question is why off_session and not on_session?

calm canyon
#

We generally just recommend off_session wherever possible

slow yew
#

isn't off_session allowing us to charge the card any time? wouldn't that need us to let the customer know they practically give us their card? at the same time, I'm really curious, is off_session the default if I set nothing?

calm canyon
#

"isn't off_session allowing us to charge the card any time?"
Yes, but there should be warnings in the Payment Sheet UI to that effect

"at the same time, I'm really curious, is off_session the default if I set nothing?"
Set nothing where?

#

Seems like the s_f_u value isn't configurable. I'd recommend filing an issue/request on the GH repo if that is important to you

slow yew
#

I know the warning you mean, but that's only appearing on web, in mobile there is just the checkbox and the title "Save this card for future Company Name payments"

#

"Seems like the s_f_u value isn't configurable." > The code bit you showed doesn't specifically confirm it's forced, but it's the only thing I can think of as well. However, if I try and work it around by setting it on the PI, will the user's card always be saved even if the user doesn't check the checkmark?

calm canyon
#

It's not forced, but if you allow saving then the only possible value is off_session

#

"However, if I try and work it around by setting it on the PI, will the user's card always be saved even if the user doesn't check the checkmark?"
Yes

slow yew
#

the description is confusing in the code you linked

#

I don't understand who / what is doing or supposed to be doing what

#

shouldSavePaymentMethod: This is true if the customer selected the "Save this payment method for future use" checkbox. Set setup_future_usage on the PaymentIntent to off_session if this is true.

#

specifically this

#

Set setup_future_usage on the PaymentIntent to off_session if this is true.

calm canyon
#

shouldSavePaymentMethod is set when your customer checks the box

slow yew
#

who sets it?

calm canyon
#

If they check that box, the SDK sets s_f_u: 'off_session' on the PI

slow yew
#

this is basically an "instruction" for the app to itself...?

calm canyon
#

If you want to opt out of allowing customers to save their cards then you need to remove the customer parameter from your API request to create the PI

slow yew
#

no, I want to allow them to save, but I'd like on_session rather than off_session...

#

so I'll open an issue then instead on GH, ok... however

#

do you know if I can change customers' payment methods from off_session to on_session, is that possible? or I should ask a new question?

calm canyon
slow yew
#

I can do that without the involvement of the user?

calm canyon
#

No the customer would need to be on-session to provide card details and complete (likely) required 3DS/auth

slow yew
#

ok, thank you

calm canyon
#

np!

slow yew
#

sorry

#

last question

#

does off_session also mean we could just take the card and charge it any time with any amount?

#

practically use the card for whatever we want? just asking, because this then looks very worrying, I'm surprised this would be the default option

calm canyon
#

It means you can initialise payments where the customer is off-session (i.e. not in the checkout flow), also known as MIT. Don't believe there's any limit on that, but there is still the chance that the bank/issuer can request 3DS/auth for off-session payments

slow yew
#

I'd never just give my card details to any company to use it as they wish (barring 3DS), not even the state... What can be the thought process behind why this would be the default? Am I missing something?

calm canyon
#

I don't believe you are. The APIs/UIs are designed to optimise payment flows and conversions for merchants. There are risk factors, sure, but merchants abusing saved cards are only likely to damage their merchant rep with card networks (via chargebacks/disputes) so it'll only impact their business in the long run

#

If you have any further questions about this, I'd recommend speaking with support: https://support.stripe.com/contact