Stripe payments not validating amount

Question

I'm working on stripe integration and noticed that to generate token I'm able to provide amount and when using generated token I'm able to provide different amount and seems that stripe is fine with that. That's a little bit strange since I'm noticing user about one amount but I'm capable to charge with larger amount for example.

Integration type: https://stripe.com/docs/checkout

Note, that I'm using test account ( Visa Approved: 4242424242424242 ).

For example:

Frontend:

Backend:

$gateway = Omnipay::create('Stripe');

$gateway->initialize(array(
    'apiKey' => 'sk_test_xxxx',
));

$response = $gateway->purchase([
    'amount' => 21.00,
    'currency' => 'usd',
    'name' => "name",
    'description' => "description",
    'zip_address' => "",
    'metadata' => [
        'name' => "name",
        'user_id' => "id"
    ],
    'token' => "tok_xxx",
])->send();

As you can see here I provided larger amount ( 21USD ) than noticed user ( 20USD ) and Stripe is totaly fine with that, response:

"object" => "charge" "amount" => 2100 "status" => "succeeded"

Is it normal?

Ywain · Accepted Answer

This is expected behavior -- the data-amount and data-currency parameters that are provided to Checkout are used for display purposes only. You can also not provide those parameters at all (e.g. if you're collecting card information to update a customer's saved card and are not going to immediately charge anything).

It is every merchant's responsibility to display the correct amount and currency that will actually be charged, otherwise they risk exposing themselves to chargebacks and disputes from their customers (which could in turn lead to Stripe closing the account if the chargeback rate is too high).

If you have more questions or concerns about this, I recommend that you reach out directly to Stripe's support at https://support.stripe.com/email.

Stripe payments not validating amount

Answers (1)

Related Questions