#jovan-m_api

👋 Welcome to your new thread!

⏲️ We'll be here soon! Typically we respond in a few minutes, but sometimes we might take a bit longer if the server is busy or if you have a particularly tricky question.

⏱️ We close idle threads, which makes them read-only. Once a thread is closed it won't be reopened, but you can always start a new thread if you have another question.

🔗 This thread will always be available, even after it's closed. You can find it again using Discord's search, or you can save this link: https://discord.com/channels/841573134531821608/1242392675576057888

📝 Have more to share? Add more details, code, screenshots, videos, etc. below.

I've read this stackoverflow where it is not possible to collect postal code: https://stackoverflow.com/questions/76485684/is-it-possible-to-get-the-zipcode-from-a-stripe-payment-card-element

Can you provide the documentation indicating that it is not possible to do this?

Yes you can't access the Stripe Element fields value

What you can do is to create a spearate Input if you want to have control/collect that value in your integration

Or you collect that informatino after submitting the payment

by inspecting the billing address of the customer

https://docs.stripe.com/api/payment_methods/object#payment_method_object-billing_details

The thing is, we are currently under credit card fraud attack and they are using valid zip code. So what we were trying to do is to match their IP + Zip code if they match. If not, we won't let them proceed with their payment.

We have enabled Postal Code verification on Radar but they're still able proceed with their payment since they are using valid zip code.

Can you give me some advice on how to prevent credit card fraud attacks? We are currently offering $1 for 7-day trial and they are using our $1 payment form to test various credit cards.

Have you had a chance to check this guide/best practices ?
https://docs.stripe.com/disputes/prevention/card-testing

One of the options for example, is to add recaptcha and/or rate limites

Ohhhh let me check

Does Stripe has already captcha integrated?

When using Stripe Checkout. Stripe Element no, you need to integrate Captcha on your own

https://docs.stripe.com/payments/checkout#built-in

Do you have any documentation on how to implement rate limiters?

I wanted to limit it 1 transaction per IP

There's not much beyond the general rate limiting on the Stripe side: https://docs.stripe.com/rate-limits

However, you can look into Advanced Fraud detection when using Stripe Elements: https://docs.stripe.com/disputes/prevention/advanced-fraud-detection

Is Advanced fraud detection enabled by default?

Or I need to specify it? https://js.stripe.com/v3/?advancedFraudSignals=true

This one is on by default.
I also see, in the same article it says that Stripe.js also loads hCaptcha: https://docs.stripe.com/disputes/prevention/advanced-fraud-detection#:~:text=on each page where you load Stripe.js%2C it may load hCaptcha

So overall, as long as you use Stripe Checkout or Elements, you should be automatically protected.

Hmm okay. Thanks!

Happy to help.