3D Secure Support about omnipay-stripe HOT 20 CLOSED

In the UK, 3D Secure is just accepted and used most of the time. It offers additional assurance to the vendor, and consumer just kind of accepts it without really understanding what it is for. Of course when there are no goods changing hands - online services where you don't really lose anything if a card turns out to be a stolen number - then 3D Secure can be turned off and the vendor takes the hit.

tl;dr: In the UK, it's big.

from omnipay-stripe.

As the maintainers are not interested in this integration continuing to be usable, I guess we're left with either doing it ourselves or ripping Omnipay out of our projects.

I'd rather the former than the latter. Anyone else interested in working on this?

Without wanting to be divisive, this is the situation with Active Merchant, Spreedly and Omnipay. Which is why you should take a look at our product, you get lots more out of the box with one payments API. We've already updated to the new Stripe API and will be doing so for all our supported gateways - [link removed]

from omnipay-stripe.

There isn't any support for it yet, and there's a general level of suspicion in the community about 3-D secure, it's considered by a lot of people to be a bad idea from a merchant point of view. If someone wants to add it then I'll consider a PR but I have no plans to do so myself.

from omnipay-stripe.

Any update on this?

Keep in mind that the EU's Payment Service Directive 2 requires the use of strong customer authentication for any kind of online payment over 30 EUR.
So you can expect a ban on transactions without 3D secure pretty soon...

from omnipay-stripe.

Right on cue: https://stripe.com/docs/strong-customer-authentication

from omnipay-stripe.

After having a discussion with the Stripe support, I would like to add my own: at the present state, it is impossible on Stripe to save a card token and pay later with 3D Secure, even with the newest Payments API. So, if you wish to support 3D-Secure, your payment should be contextual to the input of the card.

from omnipay-stripe.

So does anyone have a PR for this?

from omnipay-stripe.

How dare you, @barryvdh, ask us to contribute to a software that is given for free, support included? Go back to work, never to be heard until next complaint!

I'm joking: first, please kindly.accept my thanks for such a good software, that I've used in the past for a non profit event, we collected a lot of money that went to poor families that got struck by an earthquake here in Italy. I am thinking about starting work on this feature, but it would be ready in a month or two, because of my schedule. Also, I could need an hand with proper formatting and testing.

Would be ok? Or is there anyone else that is already tackling on this feature?

I would also like to add that it could be maybe possible to add the newest SEPA payment type (automatic EU wire transfer) in a single swoop, while upgrading to the new API.

from omnipay-stripe.

Hi @digitall-it, did you make any progress on this? Here in the UK every merchant I've worked with requires it because it shifts liability onto the card issuer.

I've built my own code to handle Stripe's 3DS on some sites, but this time round needing PayPal Checkout too, have looked at Omnipay thinking it's silly to keep doing my own integrations using the native SDKs. But unfortunately, no 3DS for Stripe, no benefit to Omnipay :(

from omnipay-stripe.

There's a new library that needs to be integrated. The problem with payments is that to contribute with good code, you have to work in a TDD environment. That means that you have to write all sort of tests and have them all pass when you code, so the development is a little slower but a little more reliable.

from omnipay-stripe.

wonder if there is some progress made to this. 3D secure is a big deal in Europe

from omnipay-stripe.

It's actually going to be a regulatory requirement in Europe to require 3DS and more specifically version 2.0 starting April this year

https://www.barclaycard.co.uk/business/news-and-insights/guide-to-strong-customer-authentication

The European Commission has intervened by placing secure customer authentication (SCA) requirements on participants to reduce fraud as one of the core components of PSD2. From the 14 September 2019, the expectation is for all ecommerce transactions to be processed via secured industry protocol such as 3D Secure.

VISA and MasterCard will be mandating that the new version of 3D Secure (version 2.0) should be in place for issuers and merchants by April 2019 in preparation for the mass adoption in September 2019.

from omnipay-stripe.

Not sure if this one helps too https://stripe.com/docs/payments/payment-intents

from omnipay-stripe.

+1 for this too

from omnipay-stripe.

Any comment on whether Stripe's new payment intent is going to be integrated with Omnipay to comply with SCA?

from omnipay-stripe.

As the maintainers are not interested in this integration continuing to be usable, I guess we're left with either doing it ourselves or ripping Omnipay out of our projects.

I'd rather the former than the latter. Anyone else interested in working on this?

from omnipay-stripe.

Sorry, but I don't currently have time to work on this and I'm also not using Stripe at the moment.

If anyone is up for a PR I'm happy to review it though. Not sure what the impact would be.

from omnipay-stripe.

After having a discussion with the Stripe support, I would like to add my own: at the present state, it is impossible on Stripe to save a card token and pay later with 3D Secure, even with the newest Payments API. So, if you wish to support 3D-Secure, your payment should be contextual to the input of the card.

You can tokenise a card and re-use it if the new payment is flagged correctly and meets the rules, this depends on what kind of payment you are doing. If it's MOTO for example then 3D Secure doesn't apply. Plus “low-risk transactions” where the payment provider can do a risk assessment if their’s or the bank’s overall fraud rates for card payments do not exceed certain thresholds; or the value of the transaction is lower than €30, but not if the total sum of the 5 previously exempt transactions is greater than €100 (!). What Stripe haven't done yet is added the ability to flag MOTO correctly in their API.

from omnipay-stripe.

@nickdunse it's fine to be provide feedback, but please don't promote commercial services like this. I've removed your link.

from omnipay-stripe.

@nickdunse it's fine to be provide feedback, but please don't promote commercial services like this. I've removed your link.

Cool, no problem. I'm here to help regardless I spend 100% of my time working with payment providers, so feel free to ask any questions.

from omnipay-stripe.