Stripe is a payment processing platform that lets internet businesses accept online payments. Because the API uses an iframe to process card details, you do not have to worry about being PCI compliant.
In a previous blog, I wrote about how you can take payments from your customers in a secure manner.
This blog will show you how to set up a subscription service in Stripe that also supports Strong Customer Authentication, which will be a requirement in Europe from the 14th September 2019 as part of the PSD2 regulations.
With these new regulations, your customers will go through a different user experience in the form of 3D Secure.
The big issue here is that if your transactions do not follow the new authentication guidelines, your customer's bank may decline the payment.
The code below shows how you can set up your subscriptions, so let's begin.
In this demo, I have two forms. When the page loads, I check whether Session["PaymentStatus"] is null or empty; if it is, I display the subscription form for the customer to enter their details. In this example, I have just hard-coded the values in the controller.
When the form is submitted, I collect the token returned from Stripe and pass it to the controller; this is what makes your site PCI compliant as you are not storing the customer's card details, only the token.
In the controller, I create a new customer and pass the token to the 'CustomerCreateOption.Source'. Once the customer is created, I retrieve the customer ID from Stripe and then create the subscription, passing in the customer ID created above.
Once the subscription is created, I check its status. If the status is incomplete, I retrieve the latest_invoice.payment_intent value, store that in a session and return the page.
I then check for the session value on the page and, if it's not null or empty, display the form, this time informing the customer that they need to complete the extra step. When the form is submitted, I pass the LatestInvoice.PaymentIntent.ClientSecret value to Stripe along with the customer's card details again, which triggers the 3D Secure pop-up. Once done, the subscription is now allowed.
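
The controller steps described above, as an added sketch that is not the author's original code. It assumes ASP.NET MVC 5 and a Stripe.net release where `SubscriptionCreateOptions.Customer`, `SubscriptionItemOptions.Plan` and `Invoice.PaymentIntent` exist (property names differ between Stripe.net versions); the `stripeToken` field name, the `StripeSecretKey` app setting, the plan id and the e-mail address are placeholders.

```csharp
using System.Collections.Generic;
using System.Configuration;
using System.Web.Mvc;
using Stripe;

public class SubscriptionController : Controller
{
    // Placeholder plan id (assumption); use one defined in your Stripe account.
    private const string PlanId = "plan_PLACEHOLDER";

    [HttpGet]
    public ActionResult Index() => View();

    [HttpPost]
    [ValidateAntiForgeryToken] // assumes the form renders @Html.AntiForgeryToken()
    public ActionResult Index(string stripeToken)
    {
        // The secret key is read from server-side configuration, never sent to the page.
        StripeConfiguration.ApiKey = ConfigurationManager.AppSettings["StripeSecretKey"];

        // Only the token reaches this server; card details stay inside Stripe's iframe.
        var customer = new CustomerService().Create(new CustomerCreateOptions
        {
            Email = "customer@example.com", // hard-coded, as in the demo
            Source = stripeToken
        });

        var options = new SubscriptionCreateOptions
        {
            Customer = customer.Id,
            Items = new List<SubscriptionItemOptions>
            {
                new SubscriptionItemOptions { Plan = PlanId }
            }
        };
        // Expand so the PaymentIntent is returned with the subscription.
        options.AddExpand("latest_invoice.payment_intent");
        var subscription = new SubscriptionService().Create(options);

        if (subscription.Status == "incomplete")
        {
            // The bank requires 3D Secure: keep the client secret for the second form.
            Session["PaymentStatus"] = subscription.LatestInvoice.PaymentIntent.ClientSecret;
        }
        else
        {
            Session.Remove("PaymentStatus"); // no extra step needed
        }
        return View();
    }
}
```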