#RaK-action-required

It sounds like you're doing everything correctly to set up the payment method as best as possible. The authentication process is a bit tricky because it is ultimately up to the bank to determine whether or not authentication is required at the time of the charge.

Are you seeing this with a real card, or with are you using one of our test cards?

This is with a test card. Performing the process with the card details attached as the customers default before creating the subscription, then using the setupintent created, seems to work correctly. Just seem to be having an issue if provided before the trial has finished.

(also no issue if the payment intent has already been created before the card details are added, all that works fine)

I'd suggest running your test with two specific test cards that we have (but please let me know if you already have)

4000002760003184 - I would expect this card to mimic the behavior you're explaining, which is still a good scenario to code for as the bank could require authentication regardless of the setup process

4000003800000446 - this card should work for off-session payments without needing verification if it has been set up properly.

Yeah will definitely make sure the logic handles it, I'm just thinking optimal customer experience not having to log back in for each monthly invoice if its at all avoidable.

Will restest a few scenarios with those cards.

@neon perch apologies, the second card number that I meant to list was:
4000002500003155

For reference, additional details about these cards and their scenarios can be found here:
https://stripe.com/docs/testing#regulatory-cards

For the off session payments ?

Correct.

Thanks, the ones I've been using are https://stripe.com/docs/payments/3d-secure#what-is-3d-secure

The one ending in 0446 will work regardless of setup (for off_session) but the one ending in 3155 should only skip authentication if setup properly.

Thanks for the explanation, I must have picked a stricter card after performing my tests without realising, as the tests with the 2 cards you've given present in the same way, so looks like it's all set up correctly. I still have the fallback of telling them this is failed and they can validate the payment intent itself. Do you know if a card such as 4000002760003184 would be expected to fail each month ? This would presumably be a scenario where we advise the customer to speak to their bank to lower the restriction on that payment ?

Yes, the card ending in 3184 would be expected to require authentication every time it is charged. (It's the one I always use when testing "what if a payment fails in the future" test scenarios)

I just want to double check though that the card ending in 3155 worked for you, aka didn't require authentication, after it went through a SetupIntent?

Ah, I copied the wrong number and used 0446, I'll run a third test

Apologies again for that confusion!

No worries! All looks good, they went through with my current logic in both scenarios no problem with the 3155 card.

🥳 Awesome!! If that 3155 card didn't require authentication when you tried to charge it off-session, then your setup process is doing everything correctly.

Brilliant, thanks for your help