How to handle Stripe 3D Secure when creating a PaymentMethod on the client for multiple charges on the server

1
votes

In my marketplace I have a requirement to:

  • Have a customer enter their card details
  • Once card details are submitted, process multiple charges against that card on the server side

I'm using stripe.js and creating a PaymentMethod on the client side using stripe.createPaymentMethod()

The ID of the PaymentMethod is posted to the server, which then does the following via the Stripe API library for PHP:

  • Retrieves the PaymentMethod from Stripe using the posted ID
  • Creates a Customer on Stripe, specifying the 'payment_method'
  • Creates multiple PaymentIntents, specifying the 'payment_method', the 'customer', 'save_payment_method' as true and 'confirm' as true.

I'm now wanting to handle scenarios where Stripe requires the use of 3D Secure.

Is there any way that 3D Secure verification can take place on the client, prior to the request to the server, whilst using stripe.createPaymentMethod() ?

If not, what alternative do I have?

It seems that a user completing the 3D Secure steps returns only a PaymentIntent. I don't believe I'm able to use this to make multiple charges against the card. This is whole reason for using createPaymentMethod() on the client in the first place.

Any ideas on how to go about this?

1
stripe-payments

1 Answers

4
votes

Is there any way that 3D Secure verification can take place on the client, prior to the request to the server, whilst using stripe.createPaymentMethod() ?

The approach to handle 3D Secure authentication on the client is to either use the confirmCardPayment [0] or handleCardAction [1] methods on Stripe.js. Unless you have specific needs, you would most likely want to use confirmCardPayment and follow this guide here:

https://stripe.com/docs/payments/accept-a-payment

I should note, that both these methods only work to process one payment at a time. In your case, you have multiple payment intents, so you would need to call either of the methods once per transaction. That is, if you have three payment intents you would need to call confirmCardPayment three times, repeating the last step in the guide [2] that many times as well.

This means that it is technically possible (but unlikely) that your users may have to authenticate multiple times to process each of their payments.

Unfortunately, there are really no workarounds for this. Even if you were to setup a user's card with SetupIntents [3] and charge them off-session at a later date, there is still a risk that you would need to bring user's back on-session to authenticate each individual payment intent.

All this being said, the majority of your users probably won't run into a scenario where they would need to authenticate multiple times in a row.

The only other option would be to create a single payment intent that covers the full cost of your product/service, which would allow you to call confirmCardPayment just once.

[0] https://stripe.com/docs/js/payment_intents/confirm_card_payment

[1] https://stripe.com/docs/js/payment_intents/handle_card_action

[2] https://stripe.com/docs/payments/accept-a-payment#web-submit-payment

[3] https://stripe.com/docs/payments/save-and-reuse