#tristanoneil_api

👋 Welcome to your new thread!

⏲️ We'll be here soon! Typically we respond in a few minutes, but sometimes we might take a bit longer if the server is busy or if you have a particularly tricky question.

⏱️ We close idle threads, which makes them read-only. Once a thread is closed it won't be reopened, but you can always start a new thread if you have another question.

🔗 This thread will always be available, even after it's closed. You can find it again using Discord's search, or you can save this link: https://discord.com/channels/841573134531821608/1300875964603174963

📝 Have more to share? Add more details, code, screenshots, videos, etc. below.

Some additional context, Stripe CS suggested this to support better fraud detection but I was wondering if there are any additional benefits.

Hello! It looks like you're directly attaching Payment Methods to Customers, which is not recommended. You should use a Setup Intent or a Payment Intent with setup_future_usage to make sure the Payment Method is properly set up for future payments. Directly attaching does not perform that kind of set up.

The set up performed varies based on many factors like the payment info being used, the location of the business, the location of the customer, and so on. There's no single comprehensive list of every possible combination of all of those factors.

and this doesn't happen when we charge the payment intent assosciated with the first invoice?

we do currently handle SCA confirmation as needed

The main issue is that you're directly attaching. Have a look at this request: https://dashboard.stripe.com/logs/req_S1cR24RQBMaDth

You should not be doing that.

You should be using a Setup Intent or Payment Intent with setup_future_usage to set up the Payment method and handle attachment for you.

For example, if you create a Setup Intent and set the customer to your Customer's ID, when the Setup Intent is successfully confirmed it will automatically attach the Payment Method to that Customer for you.

When you attach directly you trigger a validation without any kind of set up, which can lead to various issues like attachment failures.

we do have:

      begin
        customer.attach_payment_method(payment_method&.id)
      rescue Stripe::CardError, ArgumentError, Stripe::InvalidRequestError => e
        raise CannotAttachPaymentMethod.new(e.message, e.try(:code))
      end

and errors are almost never raised.

I guess I'm trying to get at the practical issues this flow causes so I can communicate it to business stakeholders. That's still not super clear to me.

I understand we're doing it pretty wrong 😆

I'm glad you're not seeing errors now, but the approach you're using is not recommended and doing proper set up will help protect your integration from encountering issues not just today, but also in the future.

Again, the specific issues depend on a myriad of factors. The high-level overview is that you should properly set up your saved Payment Methods to ensure they continue to work in the future.

Gotcha so we could potentially have higher churn in the way we're currently handling this.

For example, one specific thing set up does is handle 3D Secure in regions that require it, allowing for 3D Secure to be triggered if needed during the set up process instead of later, during a recurring payment when the customer is no longer around.

That may or may not apply to you depending on where your business and/or your customers are located.

Yes.

When you directly attach there's no opportunity for 3D Secure to run, which means its more likely you'll get declines down the road if 3D Secure is required for a particular transaction.

and just to confirm when we're running 3D Secure just on the first invoice payment it may only apply to that single payment vs a recurring payment.

Yes. If you look at the Payment Intent associated with that Invoice you can see setup_future_usage is set to null which means no set up is being performed. It's only running 3D Secure for that single transaction, you're not running it to set up the card for future off-session payments.

Ok, great. This was super helpful. Thank you!