@shivrajbadu
Last active August 2, 2019 08:53
Terms

  • SCA: Strong Customer Authentication
  • off-session payments: Payments made while the customer is offline (example: recurring payments for our subscription). For this we need to flag the first-time payment with SCA and pass that in the API.
  • recovery flow: While Stripe requests exemptions to reduce the need for customer reauthentication, there is always a risk that the cardholder’s bank will reject the exemption request. We should always build a recovery flow to bring a customer back on-session in case they need to authenticate again.
  • Flagging subsequent transactions. Any payment made with a saved card when a user is off-session must be marked accordingly, with reference to the first authenticated transaction. Stripe handles this for you.
  • Mandate collection. A mandate represents the agreement you have with the customer on how you plan to use their card in the future. In your checkout flow, add some consent text. State that by completing checkout, the customer consents to your initiation of payment on their behalf. State the anticipated frequency of payments. Explain how the amount of the payments will be determined.

Changes required:

Stripe.js

https://stripe.com/docs/stripe-js

  • Change to v3 stripe.js (file name: purchase_subscription.html.haml)
- content_for(:head) do
  = javascript_include_tag "https://js.stripe.com/v3/"
  = tag :meta, :name => "stripe-key", :content => Rails.configuration.stripe[:publishable_key]

Replace charge API with PaymentIntent

https://stripe.com/docs/payments/payment-intents

curl https://api.stripe.com/v1/payment_intents \
-u sk_test_4eC39HqLyjWDarjtT1zdp7dc: \
-d amount=1222 \
-d currency=usd

Changes for recurring payments

Stripe products and APIs now allow merchants to meet SCA requirements for off-session payments:

  • Mandate collection. A mandate represents the agreement you have with the customer on how you plan to use their card in the future. In your checkout flow, add some consent text. State that by completing checkout, the customer consents to your initiation of payment on their behalf. State the anticipated frequency of payments. Explain how the amount of the payments will be determined.

  • Strong authentication of the first transaction. Merchants are required to authenticate the customer when the mandate is set up. This can either be done by the first payment with the card or when saving the card to a customer without making an initial payment.

  • Flagging subsequent transactions. Any payment made with a saved card when a user is off-session must be marked accordingly, with reference to the first authenticated transaction. Stripe handles this for you.

NOTE: By updating your payments integration to use these new APIs and flows, Stripe can request exemptions such as fixed-amount subscriptions and merchant-initiated transactions to process later payments made with a saved card. However, banks can decide to reject a request for exemption. Build a way to notify customers that they need to return to your application and complete authentication if required.
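The recovery flow described in the note above, as an added Ruby sketch that is not part of the original gist or of Stripe's code. `gateway`, `ChargeDeclined` and the `pi_example_*` ids are hypothetical stand-ins so the logic runs offline; in a real app the gateway would wrap `Stripe::PaymentIntent.create` and translate `Stripe::CardError`. `off_session`, `confirm` and the `authentication_required` error code are Stripe API names that do not appear on this page.

```ruby
# Constructed stand-in for the card error raised by the payment library.
class ChargeDeclined < StandardError
  attr_reader :code, :payment_intent_id

  def initialize(code, payment_intent_id)
    super("card declined: #{code}")
    @code = code
    @payment_intent_id = payment_intent_id
  end
end

# Parameters for a charge made while the customer is not present.
def off_session_params(customer_id, payment_method_id, amount, currency)
  {
    amount: amount, currency: currency,
    customer: customer_id, payment_method: payment_method_id,
    off_session: true, # the cardholder is not in the checkout flow
    confirm: true      # attempt the charge immediately
  }
end

# Returns a hash describing what the application must do next.
def charge_off_session(gateway, customer_id:, payment_method_id:, amount:, currency: "usd")
  intent = gateway.call(off_session_params(customer_id, payment_method_id, amount, currency))
  if intent[:status] == "succeeded"
    { action: :fulfil, payment_intent_id: intent[:id] }
  else
    # Any other status means no money has moved: do not extend the subscription.
    { action: :hold, payment_intent_id: intent[:id] }
  end
rescue ChargeDeclined => e
  if e.code == "authentication_required"
    # The bank rejected the exemption: bring the customer back on-session.
    { action: :notify_customer_to_authenticate, payment_intent_id: e.payment_intent_id }
  else
    # Ordinary decline: authentication would not help, ask for another card.
    { action: :ask_for_new_card, payment_intent_id: e.payment_intent_id }
  end
end

# Constructed gateways simulating three possible bank responses.
OK_GATEWAY   = ->(params) { { id: "pi_example_ok", status: "succeeded", params: params } }
SCA_GATEWAY  = ->(_params) { raise ChargeDeclined.new("authentication_required", "pi_example_sca") }
DEAD_GATEWAY = ->(_params) { raise ChargeDeclined.new("card_declined", "pi_example_declined") }
```

Only the `:fulfil` outcome should extend the subscription; the `:notify_customer_to_authenticate` outcome is the point at which the customer is e-mailed a link back into the application to complete authentication.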

Migration guide

https://stripe.com/docs/payments/payment-intents/migration
