paul_error | Stripe Developers | Page 1

silent steepleBOT Oct 21, 2024, 4:30 PM

#

👋 Welcome to your new thread!

⏲️ We'll be here soon! Typically we respond in a few minutes, but sometimes we might take a bit longer if the server is busy or if you have a particularly tricky question.

⏱️ We close idle threads, which makes them read-only. Once a thread is closed it won't be reopened, but you can always start a new thread if you have another question.

🔗 This thread will always be available, even after it's closed. You can find it again using Discord's search, or you can save this link: https://discord.com/channels/841573134531821608/1297960181640204389

📝 Have more to share? Add more details, code, screenshots, videos, etc. below.

#

lofty sky Oct 21, 2024, 4:32 PM

#

#

Essentially, our front end allowed the user to proceed in our flow because of the 200 on the confirm of the paymentIntent request

#

But the 3D Secure auth failed the payment after the fact

#

So the user came back to us asking for a reason why they didn't receive the payment

slender sable Oct 21, 2024, 4:34 PM

#

Hi 👋

Can you provide the payment intend ID as text ?

lofty sky Oct 21, 2024, 4:34 PM

#

pi_3QAwz3Ffzadd3IOM0Mo0UCsr

slender sable Oct 21, 2024, 4:35 PM

#

Thanks, taking a look

lofty sky Oct 21, 2024, 4:36 PM

#

We know that the payment was a fraud attempt, but want to know how we can prevent this kind of situation.

slender sable Oct 21, 2024, 4:36 PM

#

I see that 3DS was required in response to 2 attempts to confirm it

#

But 3DS was not launched

#

And never completed

lofty sky Oct 21, 2024, 4:38 PM

#

interesting, what would prevent it from launching? is that known to happen?

#

but /confirm was a success in this case right? can that happen?

slender sable Oct 21, 2024, 4:45 PM

#

Yes, because the confirm request was successful. It returned a response indicating that this payment intent required a next action.

#

That is not an error

#

It looks like you are using our payment element. Can I ask you why you are using the confirmCardPayment() method?

lofty sky Oct 21, 2024, 4:51 PM

#

apologies, so this is what we use if it's a new user entering payment details for the first time:

        .confirmPayment({
          elements,
          confirmParams: {
            payment_method_data: {
              metadata: { story_id: props.storyId },
              billing_details: {
                address: { country: 'US', postal_code: null, state: null, city: null, line1: null, line2: null },
                name: savedSignUpData?.full_name || firstName + ' ' + lastName,
                phone: null,
              },
            },
          },
          redirect: 'if_required',
        })

#

but if we have an existing user with a saved payment method we use confirmCardPayment

slender sable Oct 21, 2024, 4:54 PM

#

Gotcha. Okay.

lofty sky Oct 21, 2024, 4:54 PM

#

Ok, that's great insight, i'm checking with our payments team to see if have had successful 3DS payments. I'm pretty sure we have

slender sable Oct 21, 2024, 4:56 PM

#

I'm trying to see if we started the 3DS process but received an immediate rejection. I can see the redirect parameters in the confirm requests like this one: https://dashboard.stripe.com/logs/req_MxO58nJ0iCOlwL

lofty sky Oct 21, 2024, 4:56 PM

#

so do we need to somehow add a check for next_action completion maybe?

#

great, thank you, that could also explain it

slender sable Oct 21, 2024, 5:01 PM

#

Okay, looking deeper it seems like the ACS server (that the issuing bank uses to handle 3DS) was offline. We never got a response back from them.

lofty sky Oct 21, 2024, 5:02 PM

#

ah, interesting, so it seems like more of a one-off situation?

slender sable Oct 21, 2024, 5:02 PM

#

Correct. We never got the 3DS challenge from the issuing bank

lofty sky Oct 21, 2024, 5:03 PM

#

ok great, that makes us feel a lot better. we have never seen this before but had a few emails come in today with the same complaint

#

but we also know that these attempts were also fraud

slender sable Oct 21, 2024, 5:05 PM

#

Okay so no valid customers were impacted either? That's good 😅

lofty sky Oct 21, 2024, 5:10 PM

#

yes, confirmed that no valid customers were impacted. we're doing one last check to see if this would also explain other "successful" failed payments.

silent steepleBOT Oct 21, 2024, 5:16 PM

#

lofty sky Oct 21, 2024, 6:22 PM

#

ok, so we've reviewed the weekends payments with the same issue:
https://dashboard.stripe.com/payments/pi_3QBHpkFfzadd3IOM0fbSegu2
Oct 18, 11:11 AM
Visa credit card
MASHREQBANK
United Arab Emirates
https://dashboard.stripe.com/payments/pi_3QAwnVFfzadd3IOM00X4etOe
Oct 17, 12:43 PM
Visa debit card
PNC BANK, NATIONAL ASSOCIATION
United States
https://dashboard.stripe.com/payments/pi_3QBN7zFfzadd3IOM0ndwX9g0
Oct 18, 4:50 PM
Mastercard debit card
BANK OF AMERICA, NATIONAL ASSO
United States

note the payment intents in the links. were these all bank offline issues? how can we tell to confirm?

Stripe Login | Sign in to the Stripe Dashboard

Sign in to the Stripe Dashboard to manage business payments and operations in your account. Manage payments and refunds, respond to disputes and more.

Stripe Login | Sign in to the Stripe Dashboard

Sign in to the Stripe Dashboard to manage business payments and operations in your account. Manage payments and refunds, respond to disputes and more.

Stripe Login | Sign in to the Stripe Dashboard

Sign in to the Stripe Dashboard to manage business payments and operations in your account. Manage payments and refunds, respond to disputes and more.

neat orbit Oct 21, 2024, 6:23 PM

#

👋 stepping in

#

Let me take a look at those examples

lofty sky Oct 21, 2024, 6:25 PM

#

great, thank you

#

also here's the code for we handle successful (200s) confirmations.


    ...

      pr.on('paymentmethod', async ev => {
        setIsProcessing(true);

        const user_email = ev?.paymentMethod?.billing_details?.email;

        const { paymentIntent, error: confirmError } = await stripe.confirmCardPayment(
          paymentIntentClientSecret,
          { payment_method: ev.paymentMethod.id },
          { handleActions: false }
        );

        confirmError && console.log('confirmError', confirmError);

        if (confirmError) {
          ev.complete('fail');
          if (confirmError.type === 'card_error' || confirmError.type === 'validation_error') {
            setMessage(message);
          } else {
            setMessage('An unexpected error occured.');
          }
        } else {
          ev.complete('success');
          if (paymentIntent.status === 'requires_action') {
            // Let Stripe.js handle the rest of the payment flow.
            const { error } = await stripe.confirmCardPayment(clientSecret);
            if (error) {
              // The payment failed -- ask your customer for a new payment method.
            } else {
              // The payment has succeeded.
            }
          } else {
            setIsProcessing(false);
            new Promise(resolve => {
              resolve(nextPage());
            });
            dispatch(UserActions.setPaymentIntent());
            dispatch(UserActions.setPaymentIntentId({ donationId, shortLivedToken }));
            dispatch(ModalActions.set('DONATE', { ...details, nextPage, user_email }));
          }
        }
      });
    }
  }, [stripe]);

neat orbit Oct 21, 2024, 6:37 PM

#

Okay so a bit of a mixed bag here it looks like. Seeing some that look like more standard 3DS failures and then some where it looks like potentially the issuer doesn't support 3DS (3DS isn't all that common in the US still overall) so that may be at play here. Overall I'm not an expert on the inner workings of 3DS but I can tell you that your integration is sound. So really if you want more insight into what might be going on here I'd recommend you reach out to our Support team with these specific examples and they can correspond internally for a deeper look. You'd reach out to them via https://support.stripe.com/contact/login

silent steepleBOT Oct 21, 2024, 6:46 PM

#

#paul_error