#sahildev-3ds

hi there! are you having trouble with how to present the 3DS challenge flow to your customer?

yes i am having trouble in it.

are you using the Payment Element to collect payment method details from your customers? i.e. https://stripe.com/docs/payments/payment-element?

No i am using the api's

This is hjow i am creating the payment intent

This is the response and after clicking on the stripe three_d_secure_redirct link , it redirect me to the authentication page

where i need to authenticate 3d secure .
but after the validate myself it gives me this message.

is there a reason why you're not using the Payment Element to collect payment method details?

Because we need to add the customized stripe cards payment.

how do you create the payment method i.e. the pm_xxx object?

using the api only.

what you should do is to follow this guide : https://stripe.com/docs/payments/quickstart to collect payments from your customer

ok

if you follow that guide, the implementation will also handle 3DS

But i have integrated all the tthings just need to know that when i successfully validate my 3d secure then why not my transaction move to succeed.

ok i will try this one also.

why it gives me this message again and again.

i'm not sure i understand your question. That's just a message which tells you that 3DS succeeded

ah ok wait .
let me explain you all the proicess first might be it would help us both.

because it's been 4 days today and i could not solve it.

What i want it that

1. User login into my system and add his cards into stripe . (which is done )
2. Then at the payment time he needs to select his card and re enter the cvc .
3. After entering the cvc and submitting, i am hitting the payment intent api with the above screenshot details and it is giving me the status

{
"id": "pi_1DrNBJ2eZvKYlo2CXQCh5Pwi",
"object": "payment_intent",
"amount": 2000,
"amount_capturable": 0,
"amount_details": {
"tip": {}
},
"amount_received": 0,
"application": null,
"application_fee_amount": null,
"automatic_payment_methods": null,
"canceled_at": null,
"cancellation_reason": null,
"capture_method": "automatic",
"charges": {
"object": "list",
"data": [],
"has_more": false,
"url": "/v1/charges?payment_intent=pi_1DrNBJ2eZvKYlo2CXQCh5Pwi"
},
"client_secret": "pi_1DrNBJ2eZvKYlo2CXQCh5Pwi_secret_wx8kjhsOZnAz6axvBPGFXUww7",
"confirmation_method": "automatic",
"created": 1547202245,
"currency": "usd",
"customer": null,
"description": null,
"invoice": null,
"last_payment_error": null,
"livemode": false,
"metadata": {},
"next_action": null,
"on_behalf_of": null,
"payment_method": null,
"payment_method_options": {},
"payment_method_types": [
"card"
],
"processing": null,
"receipt_email": null,
"redaction": null,
"review": null,
"setup_future_usage": null,
"shipping": null,
"statement_descriptor": null,
"statement_descriptor_suffix": null,
"status": "requires_payment_method",
"transfer_data": null,
"transfer_group": null
}

"requires_payment_method" this is the status

then when i read the document to resolve it then it says that you need to do the 3d secure authenticate to confirm payment.

then i calkl the payment intent confirm api , where i get the 3d secure url .

and when i validate the 3d secure then it gives me status "require_action"

so now this is happenning .
How you got it now.

and my payment was still in this status only not in success.

my first question here is why are you creating the PaymentMethod via the API? We actively discourage you from doing this because by handling raw card numbers directly you become subject to the full PCI compliance standards. In your case this means you’d have to submit a SAQ D form annually to prove that you are PCI compliant. It’s a 40 page form. See https://stripe.com/docs/security/guide#validating-pci-compliance under "API Direct" as this is what your integration would be classified as.

are you sure you want to continue using the API to create Payment Methods?

yes but it has some transactions limits that you can do.

If you’re processing more than 6 million transactions per year with Visa or MasterCard, or more than 2.5 million transactions with American Express, or are otherwise deemed to be a Level 1 provider by any of the card networks, you are not eligible to use a SAQ to prove PCI compliance. Payment brands require you to complete a Report on Compliance (RoC) to validate your PCI compliance annually.

that paragraph says that you cannot use SAQ to prove PCI only if you process > 6 million transactions per year with Visa or MasterCard....etc

since you're processing < 6 million transactions per year, you should use SAQ to prove PCI

so basically means i cannot use api's right.

you can if you're willing to fill up a 40 page form

ah ok .

so if you don't want to fill up the SAQ D, you should follow this guide : https://stripe.com/docs/payments/accept-a-payment or https://stripe.com/docs/payments/quickstart

so i cannot proceed with api's ?

need to integrate the stripe with react element right

are you willing to fill up the SAQ D form?

like i mentioned, the choice is up to you

if you're not willing to fill up the SAQ D form, then you should not use the API to create PaymentMethods. You can use any of the options listed here in the guides : https://stripe.com/docs/payments/accept-a-payment or https://stripe.com/docs/payments/quickstart
If you're willing to fill up the SAQ D form, then you can use the API to create PaymentMethods

to answer your question about 3DS using the API. If the PaymentIntent is in requires_action status [0], you can display the 3DS flow on your site using either confirmCardPayment [1] or handleCardAction [2] : https://stripe.com/docs/payments/3d-secure#when-to-use-3d-secure

[0]https://stripe.com/docs/payments/intents
[1] https://stripe.com/docs/js/payment_intents/confirm_card_payment
[2] https://stripe.com/docs/js/payment_intents/handle_card_action