#aby_docs

👋 Welcome to your new thread!

⏲️ We'll be here soon! Typically we respond in a few minutes, but sometimes we might take a bit longer if the server is busy or if you have a particularly tricky question.

⏱️ We close idle threads, which makes them read-only. Once a thread is closed it won't be reopened, but you can always start a new thread if you have another question.

🔗 This thread will always be available, even after it's closed. You can find it again using Discord's search, or you can save this link: https://discord.com/channels/841573134531821608/1263054505495236628

📝 Have more to share? Add more details, code, screenshots, videos, etc. below.

Below are links to other discussions we've had with you in the past week in case you want to review that information. If your question is related to one of these previous discussions, please provide a comprehensive summary of the current state and what you need help with now. We help many users simultaneously, so a summary allows us to resolve your issue as soon as possible.

• aby_docs, 1 day ago, 20 messages

Hi, let me help you with this.

Thank you 🙂

You don't need to be PCI-compliant for that, you can use SetupIntents to save and reuse a PaymentMethod in the future: https://docs.stripe.com/payments/save-and-reuse

I assume that first we would need to use that RAW card information we have to create one payment through Stripe, and then later on save that payment method for future usage in Stripe, so when we want to initiate the MIT, we have all the necessary data in Stripe, right?

The biggest problem with off-session payments is if 3DS is triggered. If you use SetupIntents when collecting the PaymentMethod, it minimizes the chances 3DS will pop-up when you try to charge this PaymentMethod in the future. However, the customer will need to be on-session to complete the initial 3DS, if needed.

Sure, thank you for that. But if I already have the data en my backend?

I mean, we will collect the card information outside of Stripe, then first I should create a payment with that RAW card data information right?

Or should I create the setupintent straight away?

With the payment information I have, the card without CVV

👋 taking over for my colleague. Let me catch up.

Thanks

are you PCI-DSS compliant?

oh sorry

just read the initial message

No worries

Basically I wanted to understand once we have the card details on our backend, how the process would look like until we are able to process a MIT

I assume that with that card details I should pass that RAW card data through API to create one first payment in Stripe, then once that payment information is in Stripe, I can use those payment details to process future payments

so basically to answer your question you don't need to create the Payment Method first

So then I can initiate a MIT with just the card information we have on our backend?

yes

Even if we don't have the CVV?

can you collect CVV separately by your customer?

We have been told that we can initiate a MIT with the card information, (even without CVV) and by sending the ID of the previous transaction, that's why I understood that first there must be a previous transaction in Stripe before being able to initiate the MIT

The flow we are working on right now, we were not thinking to collect the CVV, unless is totally necessary

But I guess if it's needed, we could collect it when collecting the card details and store it as well in our backend

CVV or CVC is important for the issuing bank

Yes

So then the payment will not work without that CVV?

Sorry for so many questions but we are struggling with understanding what would be the flow we must follow

that's up to the issuing bank to decide

understood

So then once Stripe checked that we are PCI compliant we should be able to process MIT with the information we have, right?

AFAIK I think so

you just need to add the payment method data https://docs.stripe.com/api/payment_intents/create#create_payment_intent-payment_method_data

when creating and confirming the PaymentIntent

Oh I see

So it's just a normal payment intent but being us the ones who provide the card number

yes and you also need to mention that it is off_session: true

since your customer isn't on_session

That is for avoiding 3DS to be triggered right?

At least as much as possible

technically yes, but it's just to let the issuing bank know that you are doing an MIT transaction

Wonderful

Then that's we were looking for

Thank you very much for your patience

sure let me know if you need any more help

We will perform some testing and if we need help we will reach out.

Thank you, appreciate your help!

sure thing