#brian-hogg_unexpected

👋 Welcome to your new thread!

⏲️ We'll be here soon! Typically we respond in a few minutes, but sometimes we might take a bit longer if the server is busy or if you have a particularly tricky question.

⏱️ We close idle threads, which makes them read-only. Once a thread is closed it won't be reopened, but you can always start a new thread if you have another question.

🔗 This thread will always be available, even after it's closed. You can find it again using Discord's search, or you can save this link: https://discord.com/channels/841573134531821608/1243571581108621402

📝 Have more to share? Add more details, code, screenshots, videos, etc. below.

Hi there 👋 this may be limited by the integration path that you've selected. How are you currently collecting payment method information from your customers, are you using our Payment Element or our Checkout Sessions? (or possibly something else)

Hi Toby! I'm relatively new to maintaining this integration but it looks like we're using Stripe web elements, creating a payment intent to process the payment at that time or in the future (in the case of a trial and/or recurring payment). We're not using Stripe subscriptions currently.

From what I can see in the WooCommerce and other integrations they're not really specifying any options for 3D secure and referencing Stripe Radar in order to customize when 3D secure appears. Since I'm not seeing any further options in the docs on how the 3D secure authentication displays, and based on the note that the bank determines what happens there, it seemed there are not any options to change how it behaves on our end.

Hm, I tested with my Payment Element flow, and the 3DS challenge appeared as a modal rather than a popup for me.

And am seeing the same with a Checkout Session. Are you manually redirecting your customers to the 3DS challenge flow?

Would that the same for all banks/cards (modal vs. popup)?

As far as I'm aware. We provide a consistent place for the bank to surface their unique challenge details.

Will see if I can dig up where a 3DS redirect might be happening. If there's any docs on how one might do that it might help track it down quicker, but I'll search through the docs regardless 🙂

It involves passing a return_url when making a server-side request to confirm the Payment Intent, then we provide you with a URL that you can direct your customers to rather than responding in a way that our stripe.js SDK can handle. We talk about that in a bit more detail here:
https://docs.stripe.com/payments/3d-secure/authentication-flow#manual-redirect

Thanks! It does not appear that we're doing that. It always shows in a modal for me. I'd assumed certain banks could show in a new window or tab vs. the modal, but I'm not able to see that in my testing.

At this point we'll see if we can get more information on how this is happening for the particular customer, and if it's a result of another plugin or theme injecting a return_url , if it's happening with a particular bank and not others, or if there's something on our end that's causing this behaviour. Thanks for the help!

Any time! Fwiw, I wouldn't expect it to be as simple as something injecting a return_url, as that has to be done by a request being made from your server, it would be a pretty drastic change if your typical flow uses client-side confirmation. More details would be helpful here, I may be mistaken and sometimes popups are opened instead of modals, but I don't think I've ever seen that. I'm also not sure if some browsers may block modals as if they were popups, though again, I don't think I've ever heard of this.

That was also my thought (that modals might be blocked) but I've also never seen that.

One final thought on this. If your customers aren't seeing the modal/popup, AND their payments are failing to process due to authentication issues, then it could be that they're going through the frictionless auth flow 3DS2 introduced and their bank is declining the authentication.
https://stripe.com/guides/3d-secure-2#frictionless-authentication