karishma_api | Stripe Developers | Page 1

west summitBOT Nov 20, 2024, 9:50 PM

#

👋 Welcome to your new thread!

⏲️ We'll be here soon! Typically we respond in a few minutes, but sometimes we might take a bit longer if the server is busy or if you have a particularly tricky question.

⏱️ We close idle threads, which makes them read-only. Once a thread is closed it won't be reopened, but you can always start a new thread if you have another question.

🔗 This thread will always be available, even after it's closed. You can find it again using Discord's search, or you can save this link: https://discord.com/channels/841573134531821608/1308912483322560632

📝 Have more to share? Add more details, code, screenshots, videos, etc. below.

#

heady heath Nov 20, 2024, 9:51 PM

#

stripe.js is for the web

#

So if you use a webview in the app for your payment form then you could

north hill Nov 20, 2024, 9:51 PM

#

got it. so it is not possible to use stripe's hCAPTCHA integration on any app that uses Stripe checkout?

heady heath Nov 20, 2024, 9:52 PM

#

Stripe Checkout should have hcaptcha built in

#

It won't be triggered always

#

But it's built in

north hill Nov 20, 2024, 9:53 PM

#

Right. So even if we its on an app and we use the Stripe checkout component it should work. I was reading the docs and it says this: "Also, on each page where you load Stripe.js, it may load hCaptcha. hCaptcha is a type of CAPTCHA that helps stop fraud and provides additional signals to Stripe while being low friction for legitimate customers." so i just wanted to confirm.

#

https://docs.stripe.com/disputes/prevention/advanced-fraud-detection

Advanced fraud detection

Learn about tools developers can use to maximize Stripe's ability to prevent fraudulent payments.

heady heath Nov 20, 2024, 9:54 PM

#

Oh what do you mean by stripe checkout

#

I thought you were referring to our Checkout Sessions

#

hcaptcha is for web integrations

west summitBOT Nov 20, 2024, 9:55 PM

#

north hill Nov 20, 2024, 9:55 PM

#

got it. I just meant the stripe checkout component. We send the information to stripe using your checkout ui.

#

but regardless, to confirm, stripe.js cannot be loaded within a mobile app, correct?

heady heath Nov 20, 2024, 9:56 PM

#

If you do it in a webview you can

north hill Nov 20, 2024, 9:56 PM

#

ok, and when it says "The Stripe iOS SDK and Android SDK are the mobile app counterparts to Stripe.js." that doesnt mean it offers the same functionality?

heady heath Nov 20, 2024, 9:58 PM

#

It should offer most of the same functionality

#

It won't be 1:1 though I suppose

#

They're different platforms

north hill Nov 20, 2024, 9:59 PM

#

Got it. Do you know anything in regards to how we'd manually integrate hCAPTCHA with stripe? are there any documents or tips

heady heath Nov 20, 2024, 10:00 PM

#

What's the use-case for manually integrating hcaptcha?

north hill Nov 20, 2024, 10:01 PM

#

We have a high volume of card testing on our platform. Our stripe account manager reached out to us concerned with the high volume of disputes and 402 errors. One of the recommendations was to leverage the use of hCAPTCHA that Stripe offers. We already do this on the web, but most of the payments we take are in the app.

blissful acorn Nov 20, 2024, 10:03 PM

#

Normally all Stripe surfaces should be fairly protected from card testing. You don't need to integrate Captcha yourself. Let me check what's in place for Mobile Payment Element...

north hill Nov 20, 2024, 10:03 PM

#

thanks! if it helps, we use the React Native SDK

blissful acorn Nov 20, 2024, 10:05 PM

#

Advanced fraud protection should be on by default for mobile SDKs too: https://docs.stripe.com/disputes/prevention/advanced-fraud-detection#ios-sdk

north hill Nov 20, 2024, 10:07 PM

#

Right, so without having stripe.js, the hCAPTCHA will still work?

blissful acorn Nov 20, 2024, 10:08 PM

#

Actually I am a bit confused. Card testing is done on surfaces that are easily automatable, like the web, so they can test large numbers of cards by running a script.
However, this is much harder to do on mobile.
Are you sure your declines/disputes are related to card testing?

north hill Nov 20, 2024, 10:10 PM

#

We have a lot of bad actors who are using our update payment flow in our app to consistently try stolen cards. It seems like its happening both in our app and on the web.

#

But if hCAPTCHA support doesnt exist as apart of the Mobile SDK advanced fraud detection, thats fine! I just wanted to make sure we were leveraging everything we could

#

so to confirm, hCAPTCHA only works where we can load Stripe.js. Since the iOS, Android, and React Native SDKs do not have the capability to run stripe.js, since its only available on the web, hCAPTCHA will not work in a Mobile app (this is because card testing in mobile apps is much harder).

blissful acorn Nov 20, 2024, 10:15 PM

#

Normally maximum protection is enabled by default, so you don't usually need to do anything about it, both on Stripe.js, and mobile SDKs.
I am still looking to find if hCAPTCHA is supported on mobile, but other protections that are in place are for sure enabled by default.

north hill Nov 20, 2024, 10:16 PM

#

ok thanks! When you are able to confirm if its supported on mobile, let me know.

blissful acorn Nov 20, 2024, 10:20 PM

#

Yeah, I don't think it's supported, unfortunately.

#

I would still recommend using Mobile Payment Element for mobile integrations, and if you feel like you need more protection, you can integrate CAPTCHA yourself somewhere in the checkout flow. It doesn't need to be tightly integrated with Stripe, just make sure it prevents customers from confirming the PaymentIntent repeatedly.

#karishma_api