#Ammar-3ds-test

Hey, can you share the Payment Intent where the error is occuring?

req_8NVMekcLke6nw0

Yep, this is expected as you passed off_session: true

3DS is required for that card, but as you marked it off-session we return it as a decline as the customer isn't able to complete 3DS/auth

Hmm, I have used other 3DS cards and this is not the case. Let me double check 1 second.

req_PsIzImVscshKP2

See that payment is made using the following card. And works with my stripe integration fine.

4000000000003220

And works with my stripe integration fine.
That's also a decline

The code is authentication_required

The stripe guides say that if 3DS fails off session this will be the code.

If I use the test card ending in 3220 it is

But if I use the test card ending in 3063 its not.

Ah, got it. My bad

Let me try replicate this quickly

Hmm, indeed. Can replicate

I'm unsure if this is expected, but I'll raise it internally!

Thanks, when can I expect to hear back from you?

I'm not sure I'm afraid

It's likely not be to assessed anytime soon, but I'llm share with the owning team

Ok, but you will keep the thread open and get back to me whenever you have a response?

What's the urgency? This is a test card, it won't impact your live integration

Well, that is what I am concerned about. If you are confident it is an issue on your end with the test card thats great. But I am worried it may be an issue on my part and do not want to find out 1 week later we have lost out on sales due to the error.

Then I would recommend you adapt your code to handle accordingly

You should be handling declines anyway

We do. We let the user know their card was declined. But if a 3DS prompt returns a declined code instead of letting the user auth the payment. It will just get flagged as declined....

But that was only because it was off-session

Try the same card but with an on-session payment and auth/3DS will be requested as expected

Yes the payments are off-session

Our system has to handle both off-session and on-session payments

If a payment fails of session due to 3DS being required we need the user to authenticate the payment so we can go ahead with the booking.

If our app thinks the payment was declined it will never ask them to authenticate.

Not sure how you expect me to "adapt my code to handle accordingly"? Should I change my app to attempt to authenticate declined payments??? That makes no sense.

to be clear, this is a quirk

I get that and I am hoping that is the case

it works differently in off session versus on-session, in of-session you get a decline, instead of the PaymentIntent transitioning to the requires_action status

it's intentional but can be confusing

If its intentional does that mean I have to account for that?

the docs at https://stripe.com/docs/payments/save-during-payment-cards-only?platform=web#web-create-payment-intent-off-session cover this case

When a payment attempt fails, the request also fails with a 402 HTTP status code and the status of the PaymentIntent is requires_payment_method. You need to notify your customer to return to your application (for example, by sending an email or in-app notification) to complete the payment. Check the code of the Error raised by the Stripe API library or check the last_payment_error.decline_code on the PaymentIntent to inspect why the card issuer declined the payment.

If the payment failed due to an authentication_required decline code, use the declined PaymentIntent’s client secret and payment method with confirmCardPayment to allow the customer to authenticate the payment.

Or is it intentional for that specific test card?

yes you need to specially handle this by checking the error response, there's documentation for it above

it's not the test card, it's, if you do an off-session payment and the payment requires 3D Secure, you get a decline to inspect. The same card but on-session would move the PaymentIntent to the requires_action status instead

it's designed this way because charging a card off-session and having it fail for any reason(decline or 3D Secure) is mostly handled the same way, contacting the customer and having them repeat the payment on-session

This is incorrect. I have tested with 2 different stripe test cards. In the documentation you just sent me, it clearly says to inspect the last payment error decline code. If the payment failed due to an authentication_required decline code, use the declined PaymentIntent’s client secret and payment method with confirmCardPayment to allow the customer to authenticate the payment.

1 of your test cards sets the decline code to authentication_required as suggested by the docs

yep, only the SCA cards do that

The other does not and instead sets the decline_code to generic decline

yep, that's true

Both were SCA cards

the 3220 one is not an SCA card

I 100% agree it's confusing

https://stripe.com/docs/testing#regulatory-cards those are the card specifically for SCA

It is an sca card according to your website?

authentication_required is an SCA-specific decline and we only simulate it with those cards, which doesn't make much sense I agree

SCA cards are the ones I linked. They're the ones where we set up the test mode behaviour to use that special decline code.

I totally agree with you it's confusing and the other cards should either trigger the same behaviour or be removed, and it's feedback we've raised many times, just not a priority for the teams involved.

I see, its kinda hard to explain to my boss that a stripe card does not work for with our system.

I guess if you are sure this is the case I will have to just let him know stripe support have assured me this is intentional.

you can use the other test cards, yep!

the cards we expect you for test of the overall payment flow to use are those 'regulatory' cards , not the 3D Secure-specific ones, which are older. Hopefully this is clearer, sorry it's confusing.

All good. Glad I got to the bottom of it. And apologies @ashen glacier if I came across as rude. Just super worried that the updates to the system for SCA enforcement on 14th could have broken something.