squirrelmaster-paymentintent-security | Stripe Developers | Page 1

distant meteor Mar 4, 2022, 11:12 PM

#

1/ That's up to you I would say, ultimately if someone malicious tries to confirm the PI with the wrong amount you can refund them and cancel their order right?

#

2/ we don't support Stripe Tax on PaymentIntents at all so that's not a flow that can happen right?

undone flower Mar 4, 2022, 11:13 PM

#

1/Right, I understand there are different ways to work around this, I'm just wondering if there's a best practice

#

2/I would be tracking tax myself

distant meteor Mar 4, 2022, 11:14 PM

#

If it were me, I'd update the PI only once I'm ready to take a payment, which is usually on a different screen

#

and for #2 then yes it's possible and it feels similar to #1, in that case you basically know they are abusing the system and you refund them and cancel the order I would say

undone flower Mar 4, 2022, 11:14 PM

#

Got it... ok, thanks!

distant meteor Mar 4, 2022, 11:15 PM

#

Since we don't refund our fee when you refund one solution is to use authorization and capture (if you focus on just card): https://stripe.com/docs/payments/capture-later

#

that way whenever someone confirms you can always verify everything is in order and then decide to capture or refund based on that

undone flower Mar 4, 2022, 11:16 PM

#

oh, great

#

thank you

#squirrelmaster-paymentintent-security