#phpeixoto-3ds

Typically when you create PaymentMethod tokens from the Sources objects, it carries over the SCA/3DS auth exemption

Issuers however can request 3DS anytime

I didn't create new PaymentMethods, I simply retrieve them as so

pm = stripe.PaymentMethod.retrieve('card_12345')

Umm, can you share example objects for this scenario so that I'm on the same page?

like pm_xxx ID, card_xx ID as well as the payment intent ID (pi_xx) where you saw 3DS requested?

I cant because it's production data

let me see if I can reproduce that in test mode

IDs are safe to share

Only stripe employees can access the info

pi_3OLbP0EA31HiYedh06WlFlX8
card_1NroPZEA31HiYedh0xvnoceO

Yeah so sometimes banks will require 3ds auth on transactions. You'd need the customer to come back online to auth it

No way to handle it on the backend

Customer needs to be present for that

Going forward, when you collect payment details, you should use a setupintent or payment intent with setup_future_usage to prevent this from happening often

But it's still possible

Really it's up to the bank

phpeixoto-3ds

=/
That's a bummer. I'm already using setup intents for new customers, but all of my customer base is already built with those old card Sources...

Let me check with a colleague to make sure I'm not missing something here

These cards used to work OK with the old Charges API.
Can you share some charge id's where charging that above card_ succeeded off session? Just for comparison

How frequent is this issue?

Not frequent. A few cases have been reported in a customer base of 60k
but i've just went live with the update, so...

ch_3NroPmEA31HiYedh1jREbl4K

Oh that's not unexpected then

If it's just a few cases out of 60k

Banks sometimes require 3ds for off session charges