#ravinder_api

Below are links to other discussions we've had with you in the past week in case you want to review that information. If your question is related to one of these previous discussions, please provide a comprehensive summary of the current state and what you need help with now. We help many users simultaneously, so a summary allows us to resolve your issue as soon as possible.

• ravinder_api, 1 day ago, 52 messages
• ravinder_api, 1 day ago, 11 messages
• ravinder_api, 6 days ago, 10 messages

👋 Welcome to your new thread!

⏲️ We'll be here soon! Typically we respond in a few minutes, but sometimes we might take a bit longer if the server is busy or if you have a particularly tricky question.

⏱️ We close idle threads, which makes them read-only. Once a thread is closed it won't be reopened, but you can always start a new thread if you have another question.

🔗 This thread will always be available, even after it's closed. You can find it again using Discord's search, or you can save this link: https://discord.com/channels/841573134531821608/1235463522633125979

📝 Have more to share? Add more details, code, screenshots, videos, etc. below.

log: req_NvlyePo5xyBhL1
i used different cvv but payment method still macthed to existing attached payment method

This is expected. Fingerprint is determined by the card number, but not CVV

If the card number is the same, i.e. fingerprint is the same, the payment method shouldn't be re-attached for de-duplicate payment method flow

what about security?

https://www.youtube.com/watch?v=MvMmOWWHjVo

if someone knows about card number than logic which assign existing stored payment method, right?

and payment will be successful

Stripe doesn't de-duplicate payment methods by default. You can display the saved payment method and have the customer to re-enter CVV on the existing payment method, instead of having customer to enter the payment method details to create a new payment method

do you agree with my statement above? the logic provided in video has security concerns

who does stripe validate CVV?

who --> how

Why do you think this is a security concern?

For the saved payment method, CVV validation is not mandatory

I'd recommend checking the guide here: https://support.stripe.com/questions/cvc-collection-requirements

If you wish to enforce CVV collection for the saved payment method during the payment, I'd recommend checking how it can be implemented here: https://www.youtube.com/watch?v=MM3ezC89178

So the steps will be:

1. Display the saved payment methods in your UI
2. Customer select the payment method to be used
3. Enter CVV with cardCvc Element: https://docs.stripe.com/js/element/other_element?type=cardCvc
4. Then confirm the payment

Please note that CVV doesn't get stored permanently in Stripe as part of PCI regulation, so the fingerprint ID has no knowledge about CVV

Fingerprint only represents the card number

but we are storing card for future use and can make payments without the customer

with this capability payment can be complete without re enter cvv, right?

Yes. If the customer is not present, re-collecting CVC is not required