#JulesR - Fraud

Hello! What's up?

For Fraudulent test card: 4000000000000259 With default account settings, charge succeeds, only to be disputed as fraudulent. This type of dispute is protected after 3D Secure authentication. -- the test order went through for me. We use Connect express. how do i know if 3D secure is on

is it a setting i turn on or off

Yep, you can manage that here: https://dashboard.stripe.com/test/settings/radar/rules

cool, but for py_1Kq1xPPGVGxmVWr0KHN8fLsd it was using fraud card that was covered by 3D but i don't see a fee

The Payment Intent associated with the Transfer that created that Charge was set to off_session, so it was not possible to run 3D Secure.

ok so dev needs to be able to turn that on for any client that wants it, then it would show it as fraud ?

where is api to set that pls

That's not exactly how it works. You're making an off-session payment, so the customer is not around to provide 3D Secure authentication.

At a higher level what are you trying to build?

this is using our POS, for manual card checkout - so i entered that card on checkout and it went through

3D Secure does not apply to point-of-sale transactions where the customer is physically present.

3D Secure is only for online payments.

our pos is online, cloud

web based

i can't try card as an ecom order and see

but I am confused, do you think that our system is already set up to check for 3-D already, or it needs to be turned on

or it's always on but not for this order type?

To clarify, you're building something so people can take in-person payments with the customer literally standing right in front of them?

Yes, using terminal, but on checkout there is option to manually enter a credit card too - ie, if at offsite event and don't have terminal to swipe

Stripe does not support in-person payments without Terminal. I think you're running into issues caused by using Stripe for a use case it wasn't designed for.

ok so try as ecom order then

You should absolutely not be prompting people for 3D Secure in person on a device that does not belong to them, for example.

let me check if we are

If you want people who are physically present to pay for something and you don't want to use Terminal you should give them a URL to type in or a QR code to scan that sends them to a payment page they can use on their own device.

Ok, where is api on that please, to use QR code?

This is how we have currently

it's like this if not hit Card Manual

We don't have an API for QR codes, you would need to handle that on your end.

we did this becuase in our current implementation with WorldPay and open edge, which we are retiring, sometimes the terminal goes down and cannot connect, so this gave away to checkout when terminal went rogue

Keying in card details yourself opens you up to all kinds of PCI compliance burdens. Are you fully PCI compliant for handling raw card data like that yourself?

for stripe?

or for WorldPay?

If you, as in the person running the POS device, are typing in card details manually you're opening yourself up to a lot of PCI compliance burdens.

Both are embedded solutions so cards are not hitting our server

We do not recommend you fall back to typing in card numbers when using Stripe Terminal unless you are fully PCI compliant to do so specifically.

It doesn't matter that the cards aren't hitting your server, the person at the POS device is handling the raw card details.

Have a look here: https://support.stripe.com/questions/manually-enter-card-details-using-stripe-terminal

Please read through that article and let me know how you want to proceed.

we will convert it to a QR code or link, thanks.

can close this, thx