3D Secure Support #79
Comments
|
There isn't any support for it yet, and there's a general level of suspicion in the community about 3-D secure, it's considered by a lot of people to be a bad idea from a merchant point of view. If someone wants to add it then I'll consider a PR but I have no plans to do so myself. |
|
In the UK, 3D Secure is just accepted and used most of the time. It offers additional assurance to the vendor, and consumer just kind of accepts it without really understanding what it is for. Of course when there are no goods changing hands - online services where you don't really lose anything if a card turns out to be a stolen number - then 3D Secure can be turned off and the vendor takes the hit. tl;dr: In the UK, it's big. |
|
Any update on this? Keep in mind that the EU's Payment Service Directive 2 requires the use of strong customer authentication for any kind of online payment over 30 EUR. |
|
After having a discussion with the Stripe support, I would like to add my own: at the present state, it is impossible on Stripe to save a card token and pay later with 3D Secure, even with the newest Payments API. So, if you wish to support 3D-Secure, your payment should be contextual to the input of the card. |
|
So does anyone have a PR for this? |
|
How dare you, @barryvdh, ask us to contribute to a software that is given for free, support included? Go back to work, never to be heard until next complaint! I'm joking: first, please kindly.accept my thanks for such a good software, that I've used in the past for a non profit event, we collected a lot of money that went to poor families that got struck by an earthquake here in Italy. I am thinking about starting work on this feature, but it would be ready in a month or two, because of my schedule. Also, I could need an hand with proper formatting and testing. Would be ok? Or is there anyone else that is already tackling on this feature? I would also like to add that it could be maybe possible to add the newest SEPA payment type (automatic EU wire transfer) in a single swoop, while upgrading to the new API. |
|
Hi @digitall-it, did you make any progress on this? Here in the UK every merchant I've worked with requires it because it shifts liability onto the card issuer. I've built my own code to handle Stripe's 3DS on some sites, but this time round needing PayPal Checkout too, have looked at Omnipay thinking it's silly to keep doing my own integrations using the native SDKs. But unfortunately, no 3DS for Stripe, no benefit to Omnipay :( |
|
There's a new library that needs to be integrated. The problem with payments is that to contribute with good code, you have to work in a TDD environment. That means that you have to write all sort of tests and have them all pass when you code, so the development is a little slower but a little more reliable. |
|
wonder if there is some progress made to this. 3D secure is a big deal in Europe |
|
It's actually going to be a regulatory requirement in Europe to require 3DS and more specifically version 2.0 starting April this year https://www.barclaycard.co.uk/business/news-and-insights/guide-to-strong-customer-authentication
|
|
Right on cue: https://stripe.com/docs/strong-customer-authentication |
|
Not sure if this one helps too https://stripe.com/docs/payments/payment-intents |
|
+1 for this too |
|
Any comment on whether Stripe's new payment intent is going to be integrated with Omnipay to comply with SCA? |
|
As the maintainers are not interested in this integration continuing to be usable, I guess we're left with either doing it ourselves or ripping Omnipay out of our projects. I'd rather the former than the latter. Anyone else interested in working on this? |
|
Sorry, but I don't currently have time to work on this and I'm also not using Stripe at the moment. If anyone is up for a PR I'm happy to review it though. Not sure what the impact would be. |
Without wanting to be divisive, this is the situation with Active Merchant, Spreedly and Omnipay. Which is why you should take a look at our product, you get lots more out of the box with one payments API. We've already updated to the new Stripe API and will be doing so for all our supported gateways - [link removed] |
You can tokenise a card and re-use it if the new payment is flagged correctly and meets the rules, this depends on what kind of payment you are doing. If it's MOTO for example then 3D Secure doesn't apply. Plus “low-risk transactions” where the payment provider can do a risk assessment if their’s or the bank’s overall fraud rates for card payments do not exceed certain thresholds; or the value of the transaction is lower than €30, but not if the total sum of the 5 previously exempt transactions is greater than €100 (!). What Stripe haven't done yet is added the ability to flag MOTO correctly in their API. |
|
@nickdunse it's fine to be provide feedback, but please don't promote commercial services like this. I've removed your link. |
Cool, no problem. I'm here to help regardless I spend 100% of my time working with payment providers, so feel free to ask any questions. |
It appears that the Stripe Plugin doesn't support 3D secure cards.
https://stripe.com/docs/testing#3ds-cards
https://stripe.com/docs/sources/three-d-secure
Looking at other plugins such as thephpleague/omnipay-sagepay appear to have this support.
Is there support for adding in such functionality?
The text was updated successfully, but these errors were encountered: