#surgical_api

👋 Welcome to your new thread!

⏲️ We'll be here soon! Typically we respond in a few minutes, but sometimes we might take a bit longer if the server is busy or if you have a particularly tricky question.

⏱️ We close idle threads, which makes them read-only. Once a thread is closed it won't be reopened, but you can always start a new thread if you have another question.

🔗 This thread will always be available, even after it's closed. You can find it again using Discord's search, or you can save this link: https://discord.com/channels/841573134531821608/1326627212169838734

📝 Have more to share? Add more details, code, screenshots, videos, etc. below.

here is one example of single payment intent being attempted multiple times until a card succeeds

Hi there! I think the simplest approach here would be to track the number of attempts on a PaymentIntent (on your end) and cancel the PaymentIntent when it hits a number of attempts

Also, you could consider using Stripe Radar for blocking charges that have had previous attempts blocked:

https://docs.stripe.com/radar/rules/supported-attributes#charges-that-were-blocked

how could I track if the someone is changing the credit card within the stripe elements form?

Do you mean using a webhook?

And For Stripe Radar - would this apply to charges hitting a connect account?

One way would be to keep state client side of the number of attempts and check that state as a part of your form submit handler. Webhooks would also work to keep a count of attempts server-side

And regarding Radar, this would not work for standard accounts, which you already said you were using. Apologies for that.

Okay - this seems like a major hole does it not? Even with client side attempts, there's no true way to block fraudulent activity that clearly looks fraudulent?

The other problem is I don't get feedback on the error on client side that there is suspected card testing, only that it is declined, and this could be a likely scenario

Handling declines and card testing are, unfortunately, part of card processing. Radar blocks payments based on the signals it receives, but if you want to track fraud signals and block payments based on your own calculations, you'll ultimately need to handle that on your end.