This morning we were contacted by one of our end customers who had seen multiple attempts by us to claim payments.
They had already contacted their bank, and their bank blocked the card.
So how did we handle it?
After immediately suspending the payment processing engine, we investigated the affected payment system (in this case it was our provider that handles the Credit/Debit cards).
Our developers have identified the cause as how our system processed certain responses from Stripe. The response we failed to handle correctly was where Stripe blocked a payment due to additional anti-fraud rules that we have asked to be carried out – in this case, the Post Code provided by the user didn’t match that which the bank held on file.
We treated it as though it was a temporary failure – something we should have re-tried and, therefore, after a few seconds we did.
None of the payments had been successful – but the way it works is to create a pre-authorisation to validate the payment and address details.
As the validation had failed the payment was not processed, and the pre-authorisation would have expired.
What have we done?
Obviously, this is not acceptable to our customers, so we have implemented another step in the payment handler, and until validation of the process is complete, manual submission of the retries is in place.
The changes have completed testing and are already in place.
We have reviewed all of our users that could have been affected, and there was one other instance where we failed to handle the response correctly, but this was due to an expired card and therefore would not have reached the customer’s bank account.
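The failure mode described above, shown as an added example rather than our production payment handler: a response classifier that retries only transient faults and stops on any card decline. The function names are hypothetical, the sample responses are constructed, and the error `type` and `code` values are assumptions modelled on Stripe's error object.

```python
from enum import Enum


class Action(Enum):
    SUCCESS = "success"
    RETRY = "retry"  # transient fault: safe to submit again
    STOP = "stop"    # decline or unknown error: never re-submit automatically


# Assumed error types for faults on the network or provider side.
TRANSIENT_TYPES = {"api_connection_error", "api_error", "rate_limit_error"}


def classify(response):
    """Map a provider response (a dict) to an Action. Unknown errors fail closed."""
    error = response.get("error")
    if error is None:
        return Action.SUCCESS
    if error.get("type") == "card_error":
        # Postcode mismatch, expired card, issuer decline: a retry cannot succeed
        # and only generates more authorisation attempts against the card.
        return Action.STOP
    if error.get("type") in TRANSIENT_TYPES:
        return Action.RETRY
    return Action.STOP


def charge_with_retries(submit, max_attempts=3):
    """Call submit() until success, a decline, or max_attempts transient faults.
    Returns (final_action, attempts_made)."""
    attempts = 0
    action = Action.STOP
    while attempts < max_attempts:
        attempts += 1
        action = classify(submit())
        if action is not Action.RETRY:
            break
    return action, attempts


def replay(responses):
    """Test helper: returns a submit() that yields the given responses in order."""
    it = iter(responses)
    return lambda: next(it)


# Constructed sample responses (not captured from a real account).
POSTCODE_DECLINE = {"error": {"type": "card_error", "code": "incorrect_zip"}}
EXPIRED_CARD = {"error": {"type": "card_error", "code": "expired_card"}}
TIMEOUT = {"error": {"type": "api_connection_error"}}
OK = {"id": "ch_constructed_example", "status": "succeeded"}
```

With this classification, the postcode decline produces exactly one attempt, while a connection fault is still retried up to the limit.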