
Stripe card validation behaves differently in development vs. production

I'm having a weird problem with Stripe (on Rails, but the Rails part is probably irrelevant).

When I fill out my sign-up form in production with a syntactically valid but non-working card number (e.g. 4242424242424242), I get this response when I try to create a token:

sjsonp1389885476573({
  "error": {
    "message": "Your card was declined.",
    "type": "card_error",
    "code": "card_declined"
  }
}
, 402)

When in development I use the "always returns card_declined" card number (4000000000000002), Stripe takes it as if it were perfectly good:

sjsonp1389885473743({
  "id": "tok_3JvncLYlEZ5NMF",
  "livemode": false,
  "created": 1389885584,
  "used": false,
  "object": "token",
  "type": "card",
  "card": {
    "id": "card_3Jvnr4MtIxzzd5",
    "object": "card",
    "last4": "0002",
    "type": "Visa",
    "exp_month": 2,
    "exp_year": 2020,
    "fingerprint": "dWQBpXrSXnyqoOxe",
    "customer": null,
    "country": "US",
    "name": null,
    "address_line1": null,
    "address_line2": null,
    "address_city": null,
    "address_state": null,
    "address_zip": null,
    "address_country": null,
    "address_line1_check": null,
    "address_zip_check": null,
    "cvc_check": null
  }
}
, 200)

So it seems that either this part of Stripe's API is not working as advertised or I myself am making some kind of stupid mistake or something.

I'm kind of at a loss. Any thoughts?

Jason Swett asked Jan 16 '14 15:01




1 Answer

I can't attest to the accuracy of the following but it's the best of my understanding. Feel free to set me straight if you know better.

There are two steps that happen when a user creates an account:

  1. Tokenization. This happens via an XHR request.
  2. Account creation. This happens on the server side.

In Stripe test mode, I understand that all numbers that pass the Luhn check will get successfully tokenized, including, significantly, Stripe's special test numbers. Where the (correct) failure will happen is when the server-side account creation happens.

In Stripe live mode, I understand that all numbers that pass the Luhn check will get successfully tokenized EXCEPT Stripe's test numbers. Stripe will reject these numbers precisely because they're Stripe's test numbers.

So the best solution I can think of is to tell the client that Stripe's test numbers will always silently fail in production, and our options are to a) live with that or b) write code that will specifically catch the Stripe test numbers and present an error in production when those numbers are used.

Jason Swett answered Oct 01 '22 23:10
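
Option (b) from the answer above, as an added example that is not part of the original post and not Stripe's code: a check that runs in the browser before the tokenization request, so the card number never passes through your own server. The function names, the error codes and the idea of detecting live mode from the `pk_live_` publishable-key prefix are assumptions of this sketch, and the test-number list holds only the two numbers quoted on this page.

```javascript
// Test numbers quoted on this page only; this is not Stripe's full list.
const STRIPE_TEST_NUMBERS = new Set(["4242424242424242", "4000000000000002"]);

// Luhn checksum: walking from the rightmost digit, double every second
// digit, subtract 9 from results above 9, and require sum % 10 === 0.
function passesLuhn(digits) {
  let sum = 0;
  for (let i = 0; i < digits.length; i++) {
    let d = digits.charCodeAt(digits.length - 1 - i) - 48;
    if (i % 2 === 1) {
      d *= 2;
      if (d > 9) d -= 9;
    }
    sum += d;
  }
  return sum % 10 === 0;
}

// Assumption: live mode is inferred from the publishable key prefix.
function isLiveKey(publishableKey) {
  return publishableKey.startsWith("pk_live_");
}

// Returns null when the number may go on to tokenization, otherwise a
// hypothetical error code the form can turn into a visible message.
function precheckCardNumber(rawNumber, publishableKey) {
  const digits = String(rawNumber).replace(/[\s-]/g, "");
  if (!/^\d{12,19}$/.test(digits)) return "invalid_format";
  if (!passesLuhn(digits)) return "failed_luhn";
  if (isLiveKey(publishableKey) && STRIPE_TEST_NUMBERS.has(digits)) {
    return "test_number_in_live_mode";
  }
  return null;
}
```

In test mode the same numbers pass the pre-check, so the failure still surfaces at server-side account creation as the answer describes.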