#dusan-car_unexpected
wraith brambleBOT
👋 Welcome to your new thread!
⏲️ We'll be here soon! Typically we respond in a few minutes, but sometimes we might take a bit longer if the server is busy or if you have a particularly tricky question.
⏱️ We close idle threads, which makes them read-only. Once a thread is closed it won't be reopened, but you can always start a new thread if you have another question.
🔗 This thread will always be available, even after it's closed. You can find it again using Discord's search, or you can save this link: https://discord.com/channels/841573134531821608/1422953827115602133
📝 Have more to share? Add more details, code, screenshots, videos, etc. below.
uneven apex
It's really up to the bank
They decide which payments require 3ds and which don't
Can you share the payment intent where this happened though so i can look?
muted shuttle
Yes ofcourse, give me a second
muted shuttle
Setup intent which resulted in requires_action and 3DS params: "seti_1S6cDqDQxxrFqRtqMzh3Cgi5"
Payment method created with this setup intent: "pm_1S6cDrDQxxrFqRtqhRGCCXdY"
Payment intent in which this payment method was used and was successful:
"pi_3S6dUnDQxxrFqRtq0DrLOAWu"
muted shuttle
Is there a log/activity that I can see in the dashboard that confirms that ? How do you know it ws completed ?
I only see confirm request and it returns 3DS parameters and says requires action ?
uneven apex
Setup Intent succeeded event: https://dashboard.stripe.com/events/evt_1S6cEXDQxxrFqRtqVjHpF2Yf
I also internally see stripe system logs showing it
muted shuttle
Okay, thanks for that, then maybe my thinking might be backwards. Let me ask this then:
If we take a look at this customer to which PM is assigned to, it very much looks like he is fradulent and this is most likely not his credit card, since he's Polish and credit card is from Austria. And he has other credit cards from Austria which are most likely not his, and I've also seen other fradulent user with this exact credit card, so almost 100% not his credit card. Any idea how he might have been able to complete 3DS then ?
uneven apex
Not really my realm of expertise
I'm assuming they have access to the bank account login
But idk
muted shuttle
Also Im kind of confused, my setup intent creation request doesnt send 3DS parameter at all, so how do we enforce 3DS exactly ?
uneven apex
Also Im kind of confused, my setup intent creation request doesnt send 3DS param...
3ds is something banks request
Not you
There's ways to force request it
But it's generally requested when a bank wants it to be
muted shuttle
Im pretty sure that neither my servers are sending 3DS parameters, nor is my application displaying and handling the 3DS displays and screens, so I'm completely unsure of how customer might have completed 3DS exactly, that's why I assumed that he didn't
And event that you sent me has: payment_method_options.request_three_d_secure set to automatic. Could that mean that it wasnt requested ? Or does that not matter ?
uneven apex
Im pretty sure that neither my servers are sending 3DS parameters
You don't have to send any 3ds parameters. That's something a bank will ask for
And all our hosted surfaces support handling 3ds by default
Looks like this was completed in the stripe android bindings
muted shuttle
Whats the purpose of this parameter if its something that the bank asks for ?
https://docs.stripe.com/payments/3d-secure/authentication-flow?api-integration=setup-intents-api#manual-three-ds
So if I am using android hosted pages 3DS from confirm response is handled automatically ?
uneven apex
Whats the purpose of this parameter if its something that the bank asks for ?
That's to manually request it
Read the last 2 paragraphs of that section
Caution
Stripe only prompts your customer to perform authentication if 3DS authentication is available for a card. If it’s not available for the given card or if an error occurred during the authentication process, the payment proceeds normally.
Stripe’s mandatory authentication rules run automatically, regardless of whether or not you manually request 3DS. Any 3DS requests from you are additional to those required for SCA.```So if I am using android hosted pages 3DS from confirm response is handled automatically ?
The 3ds dialog is presented automatically and it's up to the customer to confirm
muted shuttle
Okay, that's interesting, let me check with the rest of my team and will let you know. So this should be reproducible in sandbox environment with 3DS test credit card I assume ?