#stripe

tr12: Yes, we're probably just leave it for now and continue with our non merchant accounts until Blesta release a better integration such as stripe.js so that card details aren't touching our server - allowing us to go for a less stringent PCI compliance

hmm, yeah

reading their docs a bit, it doesn't sound like they tokenize at all

oof

there's an option in blesta to vault the cards locally

that's... exciting

tr12: It's a terrible integration, we've been told they're working on a new one with stripe.js support so that's a step in the right direction. Until then we'll just have to stick to what we have.

that would be my recommendation, tbh

the fact that they have a tickbox to start vaulting cards on your own server makes me mad, honestly

Magento is really bad too - a ton of sites out there using Magento, don't use Paypal or anything and the CC details just get stored in the DB, viewable cleartext in Dashboard and everything..

that's practically "tick yes to shoot self in foot"

providing that option is practically negligent

urgh

Yeah

kaylined: ooc, do you know of magento plugins that store PANs in cleartext?

I feel like visa could have a field day with those

just figure out who uses that plugin, then play the "surprise PCI audit" game

trying to find the print screen button on my laptop..

just clearing some personal details in paint quickly..

in practice, visa/mc don't really care until you get compromised in a way that affects a material number of customers

but in theory, at least, the rules still apply

I think this is part of the reason why braintree has an officially supported plugin

Hello

does anyone know why this error occurs? stripe.subscriptions.create Cannot read property 'create' of undefined

does stripe.subscriptions not exist?

It sounds like you're on an old version of the stripe library

What version of Stripe-node are you using?

^3.9.0

"stripe": "^3.9.0",

crap.. i think i see why

install would only go up to 4.0

Yup

Hello guys! Super quick question: this endpoint seems to be undocumented: https://api.stripe.com/v1/transfers/{transfer_i...

Can we use it?

Guest76780: you shouldn't

The balance transaction api let's you specify a transfer id which is the suggested method

What should I do if I need this data? (details of a transfer)

The balance transaction endpoint doesn't give me the payments included on that transfer

I need to breakdown the transfer so I can generate an extract report

It does, you can specify a transfer id which will give you all the balance transaction that went into it

The balance transaction is tied directly to a charge / refund / dispute / etc

ah ok, I see! thank you for clarifying!

hello?

Hi eric_

Hello, what are the possible statuses of a stripe charge if the try goes through other than "succeeded"?

Failed

so there isnt like a pending one or something like that?

Not for credit cards

ok great ty

With 3D secure, should I have unlimited purchases for customers since i dont have to worry about fraud?

Its kinda bold but what do you think?

Why weren't you offering unlimited purchases before?

because ive had tons of chargeback disputes

There's also more types of chargeback disputes than fraud

They can say that they didn't get what they paid for for instance

Yeah but if I deliver and have logs and proof i should be good

It depends

You have to prove you deliver what was marketed

Eg if you market a great product but it stinks you might lose that dispute

marketed in what way? I have both 3rd party log and my own

i sell virtual goods

It all depends on your specific business, every business and business model is unique and has their own tolerance

yea

It seems that the creation of 3d secure source isnt declining test fail cards

Maybe something for feedback?

That sounds expected since no auth is done yet

ye but it wont catch card exception then

There shouldn't be any card exceptions creating a 3ds source from a token

ook

Ive notied a strange thing when I try to use test card that fails, the js source.poll says chargeable before i even get to the 3d secure step and submits

4100000000000019

when i use 3d secure test card it says pending before 3d secure step

oh I see now in docs , but this should be fixed imo

What did you find in the docs?

No verification required

Yeah that will happen if the card is not enrolled in 3ds

I would like to really require the card to be 3d secured

is it possible to check it when creating card source or 3d source+

Requiring 3ds for all charges may greatly decrease your sales

Like in the US 3ds hasn't really rolled out

Gotcha but I would rather have sales decreased than taking any risk with having an open payment gateway

Like I said , Ive had problems with disputes , probably more fraud purchases than real ones

Well dropping sales in half while reducing fraud 10% might not make the most economic sense

They cant say they didnt make the charge atleast

and the disputes are very annoying to get , waste of time

Is there a way to require the 3d secure from server side? The thing you sent only checks if its required, optional or not supported

Its not really forcing

Well if it's required or optional you would continue the flow and if not stop the flow / block the charge

yeah but if its optional it seems like it would be skipped

Optional means the card can be processed with or without doing the 3ds flow

Some cards like maestro cards require 3ds