Stripe: Setting up a card for future payments that is 3d secure authenticated

Question

I've implemented the steps described in this Stripe tutorial on how to save card information to be used later on (future payments):

https://stripe.com/docs/payments/save-during-payment

This is now implemented and works fine.

I'm doing a 0.5$ charge on the card to trigger the 3d secure authentication process. How it works is that it first checks what is the PaymentIntent status, and if its "action_required" then it redirects to this HTML where I've implemented in JS the following:

function _3dsec(stripe_publishable_key, pi_secret) {
    document.addEventListener("DOMContentLoaded", function(event) {
        var stripe = Stripe(stripe_publishable_key);

        stripe.confirmCardPayment(pi_secret).then(function(result) {
            if (result.error) {
                $("#3ds_result").text("Error!");
                $("#3ds_result").addClass("text-danger");
        }   else {
                $("#3ds_result").text("Card succesfully validated");
                $("#3ds_result").addClass("text-success");
        } 

        })

    })



}

And this also works well, it does the 3D secure authentication if the card requires it. I've been testing only with Stripe cards. and then the idea is that i refund the 0.5$ as it was just used to authenticate the card.

However, in my product the charges are done afterwards. There is only a signup page with the user and payment information and then charges occur as the user is using my product. This works well for cards that dont need the 3D secure authentication, but for the cards that require the authentication I'm not able to create charges later on, and get the "3D secure authentication required" status on the PaymentIntent. And the customer is not able to authenticate it as they are not in the website during that time ("off session").

Is this 3d secure behavior only on the Stripe test cards, or how can I implement future card payments on a card that requires the 3d authentication?

Answer 1

Whether a transaction requires 3D Secure or not is a decision that's entirely up to the cardholder's bank. When 3D Secure is required due to regulations (eg, SCA), Stripe will apply for exemptions whenever possible to limit the likelihood of transactions requiring authentication, but it isn't guaranteed. So, yes, when you go to production it is possible (but unlikely) that your customers will require 3D Secure on each transaction.

for the cards that require the authentication I'm not able to create charges later on, and get the "3D secure authentication required" status on the PaymentIntent. And the customer is not able to authenticate it as they are not in the website during that time ("off session").

In cases when you make payments off-session, you should set the off_session property to true when creating the payment intent:

https://stripe.com/docs/api/payment_intents/create#create_payment_intent-off_session

Doing so tells Stripe to apply for off-session payments exemptions when you're live in production. You can test how these types of payments would behave by using the first regulatory test card in this table:

https://stripe.com/docs/testing#regulatory-cards

In most cases the exemptions should be sufficient and the payment shouldn't require authentication, but there is still a chance that the cardholder's bank will request 3D Secure for the transaction. For those cases, you will need to write logic on your end to notify your customer of the failed transaction and to bring them back on-session to process the payment.