dmitry-zip | Stripe Developers | Page 1

lyric wyvern Oct 1, 2021, 9:59 AM

#

@restive canyon I think we had(or maybe still have) a bug where sometimes we update cards that aren't attached to customers, but yeah we shouldn't(though ideally your webhook endpoint should gracefully ignore it)

#

so you have an example evt_xxx event ID that looks wrong so I can investigate a little?

restive canyon Oct 1, 2021, 10:03 AM

#

Yeah, this is setup_intent.setup_failed event: evt_1JbV2oEwKKe5mSbTzhmA8VKY
And this is payment_method.automatically_updated: evt_1JfNFTEwKKe5mSbT1LPvKJAP
Both event have the same pm_... ID in the event body

lyric wyvern Oct 1, 2021, 10:08 AM

#

yeah that seems like the bug I remember, updating cards not attached to customers(it's pointless since as you said, you are not storing that ID anywhere and you can't actually charge that PaymentMethod anyway).

#

I'll raise it again internally since yes, shouldn't happen.

What is even more weird, the payment_method.automatically_updated event body contains the details of the second customer's card that was linked to the pm_456... payment method.
I don't completely follow this part, can you elborate?

restive canyon Oct 1, 2021, 10:13 AM

#

So initially the customer was trying to add a Visa5219 card, and the card was declined by stripe, and we received the corresponding setup_failed event.
Then the customer successfully added another card MasterCard0646, and we received the corresponding succeeded event.
Then, we received payment_method.automatically_updated event, and the event body contained the PaymentMethod ID that was linked to Visa5219, but the card property in the event body contained MasterCard0646.

#

So the "updated" event had the PaymentMethod ID of the Visa card, but the details of MasterCard. This doesn't seem correct either. I thought the purpose of the "updated" event was to update things like expiry date. It shouldn't be updating Visa to MasterCard, right?

lyric wyvern Oct 1, 2021, 10:23 AM

#

Then the customer successfully added another card MasterCard0646, and we received the corresponding succeeded event.
I'm guessing that happened on a different SetupIntent object?

restive canyon Oct 1, 2021, 10:23 AM

#

Yes, correct

lyric wyvern Oct 1, 2021, 10:27 AM

#

then what probably happened is the customer had a Visa, and their bank re-issued them a new card to replace it at some point, and the new card was a MasterCard(https://newsroom.mastercard.com/eu/press-releases/santander-to-issue-mastercard-debit-in-the-uk/ after all).

The customer had the visa details saved somewhere or they entered them by mistake and the payment was declined, then they realised the mistake and entered the MC instead.

Then later Stripe updated the details of the original PaymentMethod(these updates happen in batches) to reflect that the Visa details the customer entered have been replaced by the Mastercard(that is something that can change in the automatic updates, everything about the card including brand can change), which is technically a separate/parallel process to what's happening on your side in processing the payment

#

but yeah we should ideally not be updating that single-use PaymentMethod, or if we do, not sending webhooks about it, as you say, it's a bug and I remember we had a similar one in the past

#dmitry-zip