#michael3234324_api

👋 Welcome to your new thread!

⏲️ We'll be here soon! Typically we respond in a few minutes, but sometimes we might take a bit longer if the server is busy or if you have a particularly tricky question.

⏱️ We close idle threads, which makes them read-only. Once a thread is closed it won't be reopened, but you can always start a new thread if you have another question.

🔗 This thread will always be available, even after it's closed. You can find it again using Discord's search, or you can save this link: https://discord.com/channels/841573134531821608/1235214670407929957

📝 Have more to share? Add more details, code, screenshots, videos, etc. below.

Unless you have a radar rule that blocks payments with failed cvc verification, I think you should be okay. But in any case, you can always recollect cvc: https://support.stripe.com/questions/recollect-cvc-to-prevent-fraud

@normal flower thanks good to know it wont cause friction for legitimate customers if their cvc happens not to be checked.

What about the case where there is actual fraud going on? Let's say the fraudster has the correct card number but not cvc number, but cvc does not get checked.
Could we be getting fraudulent payments which would then be disputed/refunded?

also is it guaranteed that the bank will actually check cvc if we recollect it? Presumably if they didnt check it during the setup intent, they probably wont check it again.

It is upto the issuing bank as far as I know.
https://docs.stripe.com/disputes/prevention/verification#cvc-check

Just to be clear im not talking about the case where CVC verification explicitly fails. Im talking about the case where it is "unavailable" (where it just isnt checked at all?).

If CVC is unavailable at the time of saving the card, would that info become available when a charge is made, and appropriate steps be applied ?

i.e. i actually do want wrong cvcs to fail, but it seems that its entirely up to the bank/stripe whether cvc is even checked.

If CVC is unavailable at the time of saving the card, would that info become available when a charge is made, and appropriate steps be applied ?
Do you mean CVC verification here?

ya - as per the documentation:

To prevent card testing, Stripe is sometimes required to not check cvc and zip checks on card validations, so they may appear as “unavailable”.

great that its preventing "Card testing" but not checking the security code seems like a bigger issue in my (maybe uninformed) opinion

I think that's expected. As the charge may even succeed if CVC check fails. This is because: https://support.stripe.com/questions/charge-succeeded-despite-cvc-or-zip-check-mismatch

Without a specific block rule in place, a charge can still be approved by the customer’s bank, even if the CVC or ZIP code (AVS) check fails.

Banks take a variety of signals into account in their own systems and may see a charge as being legitimate despite the check not passing, and then send the charge approval along to Stripe.

Ok so theres probably some behind the scenes work going on at the banks? And theyve decided not to perform CVC checks?

Yep

k thanks. Would you say i shouldnt worry about this unless were seeing an increase in disputes or failures?

Yeah imo you can use radar rules to block any failed CVC verification payments (it won't affect charges that have cvc check unavailable)

Even after that if you keep seeing increase in disputes/failures then you can implement CVC recollection flow