Learn how you can block different types of payments when using the Stripe payment provider with Umbraco Commerce.
Out of the box, Stripe implements a lot of security features for you, making payments safe and secure by default. You may still have a need to provide additional security steps of your own.
If you are based in the EU selling digital goods it would be a requirement to capture two forms of proof of a customer's location for VAT purposes. One recommended way is to capture the customer's billing country, and bank country, and ensure these are the same. The Stripe payment provider allows you to set this up in a few steps.
The first step is to ensure you are capturing the customer's billing address or more specifically, the billing address country. Learn how to do this in the core Umbraco Commerce documentation.
As long as you have populated your orders billing country, it will automatically be sent to Stripe using custom metadata on the transactions customer entity. This will be passed via a metadata entry on the Stripe customer with the key billingCountry
, with the value of the two-letter ISO code of the given country.
In order to configure custom Radar rules you need to sign up for the Radar for Fraud Teams added feature. This does incur an additional fee per transaction, however, the added security will outweigh the minimal expense.
To enable Radar for Fraud Teams follow these steps:
Log in to your Stripe dashboard.
Navigate to the Settings > Product Settings > Radar Settings section.
Enable the Radar for Fraud Teams feature, allowing us to define custom Radar rules.
To set up a new Stripe Radar rule, follow these steps:
Navigate to the Radar > Rules section.
Locate the Then, when should a payment be blocked? panel.
Click the Add rule button to add a new rule.
Enter the following rule in the dialog:
Click the Test rule button to test the rule.
Click the Add and enable button to add the rule to the list of block rules.
The rule test may fail when you click the Test rule button due to there being no transaction with the given metadata being attached to them. You will, however, be able to continue regardless.