#-_best-practices

👋 Welcome to your new thread!

⏲️ We'll be here soon! Typically we respond in a few minutes, but sometimes we might take a bit longer if the server is busy or if you have a particularly tricky question.

⏱️ We close idle threads, which makes them read-only. Once a thread is closed it won't be reopened, but you can always start a new thread if you have another question.

🔗 This thread will always be available, even after it's closed. You can find it again using Discord's search, or you can save this link: https://discord.com/channels/841573134531821608/1420435370545385643

📝 Have more to share? Add more details, code, screenshots, videos, etc. below.

Below are links to other discussions we've had with you in the past week in case you want to review that information. If your question is related to one of these previous discussions, please provide a comprehensive summary of the current state and what you need help with now. We help many users simultaneously, so a summary allows us to resolve your issue as soon as possible.

• -_best-practices, 2 days ago, 10 messages

PayPal is so easy because they provide a payer_id, yet they require PayPal login.

I'm looking for a common identifier we can record to prevent abuse

It's available on some payment methods but not all

It'll provide a unique identifier for all the ones it's available on

is there a list of ones it doesn't work for?

No

You'd have to check the api spec to see which payment methods it's available on

AFAIK it's really only available on cards and bank accounts

ok, sounds like we should only support the handful of providers that send back specifically a CC fingerprint

Can someone confirm if specifically GooglePay, ApplePay, Amazon, WeChat, and Card types all send back specifically a fingerprint represents the card?

So users can't abuse our system by purchasing via a different provide with new email every month

If we can get a common fingerprint from these, that will be ideal, if not, we'll have to limit subscriptions to Card type I guess... Which defeats the entire point of doing this for access to China and our PayPal to Stripe signups are like 40:1 right now

Hi there! I'm taking over from my colleague. Will get to you once I'm done with other threads.

Ok, apologies for the delay. Yes, Stripe does return a fingerprint for payments made via Google Pay, Apple Pay, and card payments. The fingerprint is used to uniquely identify a particular card number and is consistent across transactions by the same card. However, for tokenized payment methods like Apple Pay and Google Pay, the fingerprint value is calculated based on the DPAN (Device PAN) instead of the real card number, meaning if the same card is added to multiple devices, it will lead to different fingerprints due to different DPANs generated for each device.

ok, I'll just limit subscriptions to CC