4:57:23 PM <markin> galoshes: thats not a Stripe error message, sure
galoshes
I see that this message is generated on our side, yes. It looks like we're trying to use Stripe::Customer.create and passing in "token" as part of the source hash
and before doing that, we're checking if token actually exists, so as not to pass in a nil value
so if no token, we can just send in nil in this case? No need to validate?
bkrausz joined the channel
cameronpb has quit
HairAndBeardGuy joined the channel
vmayoral joined the channel
HairAndBeardGuy_ has quit
irctc146 has quit
Problem solved! Thank you, markin!
Off I go. Stripe rocks
markin
sweet
sorry for the delay, little party just started here
HeyMan joined the channel
HeyMan
hey guys quick question, so if I use the js api for a custom button, i can access the token and stuff using flask right because its a simple jquery?
vmayoral has quit
or do i have to use node?
markin
HeyMan: anything in the front-end is just jquery and doesn't matter about the back-end
so right
HeyMan
one more quick question(sorry ima noob at front end stuff) how do i set the url in the example code given
HeyMan: there's a couple ways to handle the custom integration, in the token callback you can make an ajax request to your post endpoint, or you can also have a form on that page and in the token callback you append the token as a hidden input to the form and then you submit the form
koriner has quit
ajbeech has quit
galoshes has quit
HeyMan has quit
amunds_ has quit
drale2k joined the channel
TriN joined the channel
TriN
For Transfer Objects and using Connect, how do I find out which Stripe accounts are associated with the Transfer Object?
I see a recipient field
Is there an originator field?
I do not think so.
Likewise, is there a way to query via another API to get the Stripe account associated the Transfer Object?
jake_ joined the channel
jake_
guys, where in dashboard do I enable the Additional Verification? I want to verify against the ZIP and Address.
praboud
TriN: there is only ever one sender/originator of a transfer - the account on which the transfer was made
jake_: it's in account settings, in the general tab
you can enable strict zip verification, but not strict address verification
(AVS is in general of pretty limited fraud detection value)
jake_
I only see DECLINE for CVC and ZIP
what about the address?
praboud
like I said, that's not an option
jake_
so how do I enable address verification?
praboud
like I said, that's not an option
jake_
or use it
so you can not use the address verification like it says in the guide?
sorry
praboud
you can provide the info when creating the charge, and some banks will use it when deciding whether to authorize the charge or not
however, AVS is a pretty poor signal to detect fraud
it's quite common to have spurious AVS failures
brockhaywood joined the channel
so there's no option to strictly enforce that all charges must pass AVS
because it turns out that it's not that useful
jake_
so in your form, you will not ask for ZIP nor address? It is something that I need to pass? If if you enable the ZIP, it will also ask for ZIP in addition to CC?
checkout is essentially designed to be a very pared-down payment flow
asking people to fill out lots of info decreases conversion
jake_
so, what is a good way that we can avoid or minimize the cc fraud? really worried about people using stolen cc's and we having to be responsible for chargebacks???
praboud
and the address is of pretty limited value, for the amount of effort it is to enter the addr
zip & cvc validation catches most of that
also, stripe collects some other information in the background which is used to help detect fraud
ultimately, yeah, you are responsible for chargebacks though, and if you see an order/purchase made which looks suspicious, you shouldn't fulfill it
stripe provides a pretty good set of tools to help fight fraud, but it's pretty hard to have 100% accuracy
jake_
like IP and such? you do machine learning?
praboud
yeah. the ML team has a fairly sophisticated transactional fraud model which uses a bunch of predictors
jake_
But I am not passing that info to you.... or very limited info at best! ??
asheinfeld joined the channel
praboud
you're passing zip & cvc, but also the charge amount, origin of the card, IP, some timing info, etc
jake_
what are the tools you mentioned that we can use?
praboud
I'm not exactly familiar with the secret sauce in the fraud model, though
rdymac has quit
what I meant by that is that if you pass zip + cvc to stripe & turn on strict validation, stripe does a pretty good job of weeding out fraudulent charges
jake_
got it... oh btw... what about a full name? why are you not asking for that too? and can we?
brockhaywood has quit
praboud
it's clearly not the be-all-end-all, but it does a pretty good job
you can pass the full name, but only amex actually uses it
other banks just discard the info
similarly to AVS, it's not all that useful for fraud prediction
jake_
really... wow... did not know.... so you can pass it, but not ask the checkout to ask for it?
praboud
if you make your own form with stripe.js, you can ask for a much larger set of info, and pass that in
but checkout only asks for the bits that have been found to be particularly useful
jake_
got it.... do you think it makes sense to use the service from siftscience.com for fraud protection?
praboud
a lot of checkout forms cargo-cult asking for phone #, address, country, etc, etc, but it's a bit silly
I'm personally not familiar with siftscience, but I've heard good things
jake_
do you think they do more than stripe's team?
praboud
like I said, I have no experience with them, other than chatting with other people
it stands to reason that they would though, because their entire service is to prevent fraud
or, at the very least, they've convinced a bunch of people that this is the case
but idk
jake_
cool.... also, we will be shipping a product (sim) to the customers, do you think it would make sense to say that we will only process orders from customers who's shipping matches the billing address?
praboud
yeah, if you're shipping a physical product, that's a very good way to prevent fraud
or at least do a bit more due diligence when they don't match
jake_
but then, do you think we maybe passing up on some legit orders?
got it
praboud
like, you see people fulfilling orders shipped to indonesia, billed to a us credit card
and it's like "what are you thinking?"
it's a red flag, particularly if there's a big geographic disparity
brockhaywood joined the channel
I might ship something to my office, which is different than my billing addr
jake_
so, the standard process... we process a transaction... but before fulfilling the orders, check that stuff and if we see something odd, where we can not verify, just refund it? is that what people do?
praboud
but I'm unlikely to get a wild hair up, and ship something to russia
yeah, refund it
stripe will also let you mark it as fraudulent when you refund
so it knows that the transaction was bad, and similar transactions should be marked as fraudulent in the future
it helps the model learn
jake_
ahh.. cool.... so maybe one way, we can ask to verify these odd one, by asking them to send a pic of the driver license? or is there another way to do this?
praboud
in particular, it blacklists that card for you
well, but since the bank doesn't validate the name provided, they could show you any drivers license
HairAndBeardGuy has quit
jake_
maybe to validate their address?
praboud
yeah, that would give you some signal if the billing address is validated by the bank
mikesea has quit
jake_
cool... thank you so much for all your help... still learning here....
praboud
I'd just straight up reject transactions where the shipping addr is in a different country
that cuts out a lot of fraud
jake_
but i would have to do it manually, after the fact, right?