#arielapaula_api

👋 Welcome to your new thread!

⏲️ We'll be here soon! Typically we respond in a few minutes, but sometimes we might take a bit longer if the server is busy or if you have a particularly tricky question.

⏱️ We close idle threads, which makes them read-only. Once a thread is closed it won't be reopened, but you can always start a new thread if you have another question.

🔗 This thread will always be available, even after it's closed. You can find it again using Discord's search, or you can save this link: https://discord.com/channels/841573134531821608/1275817218084442142

📝 Have more to share? Add more details, code, screenshots, videos, etc. below.

What test card are you using? To trigger incorrect CVC error, you need to use this card: https://docs.stripe.com/testing#:~:text=Incorrect CVC decline

Incorrect CVC decline 4000000000000127 incorrect_cvc

I used that card, here's the payload:

are you calling the API directly or are you using Stripe Elements to submit the card details?

Ah I think for this specific card, the CVC is validated on confirmation. Not when the card is tokenized.

but I had the same issue on production today. The user added a wrong CVC

and the card was added

I'm using CardNumberElement, CardExpiryElement and CardCvcElement

and then calling to createPaymentMethod

Hello, do you have the ID of that card from production?

I have the payment intent id: pi_3PqCZCJn1cC6kOJB0BRU5s3E

it failed only once the user tried to pay

the POST payment_methods didn't fail

Yep, this is what my colleague was talking about. The post payment methods endpoint doesn't reach out to the bank at all. We check that the card number could be valid but there isn't any conversation with the bank until the confirm.

And on the confirm the issuer declined the card. If the cardholder thinks they put in the right CVC, it would be best for them to reach out to their bank. Banks sometimes send decline codes that aren't literally true. For example (and I am not saying this is necessarily what happened here), sometimes a bank will send a CVC fail instead of a fraud related decline code so that a potential fraudster won't know that the bank is on to them.

Is there another endpoint to use to reach to the bank before confirmation?

If you are just trying to take a payment here, you are making the right API calls. Unfortunately there isn't a way to know if a bank approve or decline a specific charge until you ask them to. Is there something specific you are trying to do here?

I see. We are trying to save the payment method to our API. That's being made after the POST payment_methods

The other issue I saw is that the 2nd time the user tried to pay with that saved card he saw this issue:

Shouldn't the CVC error appear instead of that one?

That error message is expected behavior. PaymentMethod objects can only be used once if they aren't attached to a Customer. The PM will be attached to the customer once the payment intent succeeds, but if the first attempt to pay with that payment method gets a decline, the expected next steps would be to create a new PaymentMethod and try with that.

The payment intent succeeds only if stripe was able to collect the payment, right?

For example if the user doesn't have founds: the payment method will be attached to the user?

Correct, we recommend not attaching cards via the call, and attaching them via intents because that way the cards attached to the customer have shown they are chargeable and are more likely to succeed on later payments.

With intents? No, the card would only be attached on a successful payment. You can attach it before trying to confirm if you want it attached either way