CRITICAL: Since update - no payments taken: "failed to create stripe review object" on mobile and returns to cart on desktop

[gingerling]

Hi Since updating for the new SCA measures, I have had no payments come through

I checked and found that on desktop, when you submit payment you are returned back to the first step in the cart process.

https://youtu.be/1Fcb1rRkwAk

On mobile you get an error "Failed to create stripe review object"

To try and fix I reviewed my settings and double checked my api keys, it's all fine. I noticed that stripe still recognises if the wrong card details are put in, so it's not completable broken.

Please can you help ASAP, I'm losing money

[gingerling]

Also I see this, when I try and view stripe transactions - maybe it's related

[gingerling]

I tried to reinstall it, now it won't show up and I have a 500 error when I go to Modules > Payment

[Traumflug]

@gingerling, did you try to find out what's asked here?

https://forum.thirtybees.com/topic/2743-strong-customer-authentication-sca/?do=findComment&comment=30167

[gingerling]

Ok, I've tried, first it made a table in swedish and I got errors on modules > Payment thing

So I deleted that and tried to make it manually, but it was too complicated, and now the query wont run again, it says there is a syntax error.

Don't really know what I am doing tbh, this is all over my head

[gingerling]

hmmm, got it now - got email instructions from the guy who made the plugin, and it worked better

"the most probable culprit is missing table tb_stripereview (you might use different prefix than tb)

Please check in your database that the table exists. You can use this sql query:

show create table tb_stripe_review;

If the table exists, it should display something like this:

CREATE TABLE `tb_stripe_review` (
  `id_stripe_review` int(11) NOT NULL AUTO_INCREMENT,
  `id_order` int(11) unsigned NOT NULL,
  `status` int(11) unsigned NOT NULL DEFAULT '0',
  `id_review` varchar(255) DEFAULT NULL,
  `id_payment_intent` varchar(255) DEFAULT NULL,
  `id_charge` varchar(255) DEFAULT NULL,
  `captured` tinyint(1) DEFAULT NULL,
  `test` tinyint(1) DEFAULT NULL,
  PRIMARY KEY (`id_stripe_review`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;

please check that the result is the same. If not, let me know.

If the result of the show table query is something like this: Table 'ps17.tb_stripe_reviews' doesn't exist then you need to create it. The easiest way is to copy and paste the whole CREATE TABLE statement above.

(Traumflug added some formatting)

[gingerling]

There is an issue though as my table prefix seems to be PS still - it allowed the stripe module to work but I still got the error: "failed to create stripe review object"

[gingerling]

Now I corrected that, the module works and I see the normal options under module > pagments but I still get the error

An error occurred:

Failed to create stripe review object

I then noticed that there were some tables with ps1_ as the prefix so I made the table with that too, but I still have the error

I suppose technically this is different to before as before, on desktop it just refreshed the cart, but now it has the same error as mobile.

[getdatakick]

It's different. Now it complains about stripe transaction object. So rinse and repeat, this time it's <PREFIX>_stripe_transaction table that's missing or corrupted:

CREATE TABLE `tb_stripe_transaction` (
  `id_stripe_transaction` int(11) NOT NULL AUTO_INCREMENT,
  `id_order` int(11) unsigned NOT NULL DEFAULT '0',
  `type` int(11) unsigned NOT NULL DEFAULT '0',
  `source` int(11) unsigned NOT NULL DEFAULT '0',
  `card_last_digits` int(4) unsigned DEFAULT '0',
  `id_charge` varchar(128) NOT NULL,
  `amount` int(11) unsigned DEFAULT '0',
  `date_add` datetime DEFAULT NULL,
  `date_upd` datetime DEFAULT NULL,
  `source_type` varchar(255) DEFAULT NULL,
  PRIMARY KEY (`id_stripe_transaction`)
)

[Traumflug]

Looking at the left column of the screenshot above, your database prefix is neither ps_ nor tb_, but ps1_.

[gingerling]

Hi, I have both ps1 and ps prefixes (don't know why)

I wrote this in a comment last night but must not have submitted it or something.

I did the next step by @getdatakick (well spotted that the error is in fact totally different! I missed that).

I ran it with ps and that didn't work, so I ran it with ps1 and that seems to be working

[gingerling]

HOWEVER, there is a really super serious issue - it looks like when the error message was showing, the payments were still being taken by stripe but no order was being recorded by TB.

I put together the data from tb and stripe to try and build a picture of it. I spoke with my bank to eliminate my test payments, and that leaves me with 3 amounts of money paid from unidentified people and possibly one customer who managed to place an order without being charged (I'm going to have to look into that more to understand it).

I am going to have to try and find these customers via abandoned carts and explain to them the situation. This is obviously quick a tricky issue, I'm not sure if anything can be done to stop this happening to others? We were lucky, one customer called about the card payment failing, otherwise I would not have known about this issue and it could have gone on longer (I am also a small store so don't get many orders)

[gingerling]

Found two of the three missing orders in abandoned carts, matching the amount in stripe, so that's okay. The third order dosen't match the cart though, so need to talk to the customer I think it is (based on timestamp).

It's worth noting (for anyone else going through this) that the abandoned carts don't match the amount's exactly because they don't include shipping - so you need to look at other factors such as date & time and customer name if that is stated in stripe. Also, the stripe name is the card-holder which doesn't always match the account name (e.g. if wife pays and uses husbands TB account) so you may need to call the customer to check.

I have emailed the customer for the order when I can't find any payment, will see what they say and hopefully get paid another way, if it's missing.

[gingerling]

ps: There has been an 18 month delay in the SCA implementation, so this update could be withdrawn to allow further testing

https://internetretailing.net/themes/themes/uks-fca-delays-psd2-sca-deadline-to-secure-payments--good-or-bad-news-for-consumers-and-retailers-20068

[getdatakick]

The tables <PREFIX>_stripe_review and <PREFIX>_stripe_transaction were introduced in previous version(s) of this module. For example, stripe_transaction table was already present in version 1.1.0, and stripe_review was introduced in version 1.6.0. The last version only added 2 more columns to table stripe_review.

However, in your case, these tables were completely missing. I don't know how this happened, but it definitely wasn't caused by the new version. Most of the people who upgraded didn't encounter any problems or issues.

[gingerling]

OK. I am quite a new user of the module, I have only had it up and running since 8th July and taken 70 payments. I don't believe I have ever updated the stripe plug-in before this latest update. My site was transitioned from prestashop to thirtybees about 2 years ago.

Anyway, lets keep eyes peeled and make sure more folks don't have the issue - it sounds like it would be hard to get to the bottom of it. Thanks so much for your help and work on this plugin, it's a relief to be up to date with secularity x

[gingerling]

Hi, I'm still having issues with this plugin, my sales are about half their normal level. Customers report that once they fill in their card details and click pay, it sends them back to the cart page. It's not affecting every customer.. I'm unavailable at the moment, I will try and hand this bug to my sysadmin.

[gingerling]

Had another issue today, a guy paid for his order, he has it showing as pending in his bank account, but it's not showing on our stripe or on TB. Any chance this is an issue with stripe itself? I'll call them in the morning, but I'm getting to the point where I'm going to need to change to a different system. It really sucks because stripe as being great otherwise.

[Dh42]

If it is showing pending in his account and it is not reporting the payment on your stripe dashboard, that is for sure a problem on stripe's side.

[gingerling]

Ok, summary of ongoing issue:

Since 1st September stripe shows 79 payments, 38 went through, 38 are "pending", 3 are failed/refunded. The "pending" sales total £1716.83.

Stripe customer service said: "You thought this started when you upgraded for SCA, and I can confirm that this is the case.

It seems that there was never a card added to that payment request to be charged. Your developer needs to make sure you have the integration set up correctly so that you are collecting card info and passing it along with the payment intent"

As far as I can tell everything is set up fine, it's maddening that it's 50% of payments failing, not 100% - I would have noticed this sooner.

[getdatakick]

Payment intents are, well, intents. They are not charges. They represent a payment session. And some of these sessions are completed, and some of them are abandoned. That's totally valid.

What happens:

1) Your customer enters your checkout page 2) Thirtybees check if some active Payment Intent exists. If not, it uses stripe api to create new one and associate this customer/cart with it. At this moment, we don't necessarily know much about customer. If customer is logged out, we don't even know email address. Let alone card number. 3) Customer is supposed to complete checkout. If he does, the payment intent will be amended with customer info + payment info (card number,...). But customer can decide not to complete the payment and leave the checkout page. In that case, Payment Intent in stripe still exists and is valid for another few hours.

So, overall, this all doesn't mean that 50% of payments are failing. It means that 50% of your customer doesn't finish the checkout flow. That's very different metric

[gingerling]

right, but this is what my stripe looks like before the plugin upgrade:

This is it after:

Are you saying this change is not down to the plugin update but something else? I thought perhaps it was caused by the additional security features but there don't seem to be any in place yet, at lease from my bank.

[gingerling]

just to be clear - these are not abandoned carts, these people are submitting a payment to stripe and getting an error of some kind (can't replicate, plus it flashes up to quick for them to screenshot). I get phone calls from people saying they are trying to pay but it "isn't working"

[gingerling]

Ok so I actually paid a dev in the end to look at this issue, he has found that one of the recent updates to the plugin means it now sends some info to stripe as soon as a customer lands on the payment page, EVEN if they dont put any info into stripe at all and actually pay with another plugin (my store uses stipe AND PayPal).

I assume this is unintentional, it seems like bizzare behaviour to send unnecessary information to stripe and create excess logs and confusing incomplete payments in the stripe dashboard. I can't imagine I am the only person who will invest significant resources trying to resolve this undocumented and strange behaviour, assuming it is a bug/issue.

I am not trying to be a pita here, or annoy the devs, but this odd issue and the low responsiveness to it has cost me stress, time and money. Please can you consider resolving this issue or documenting it in the plugin so no one else has to go through this please.

[adamus007p]

Hello, on my end i have checked there is no emails ( i have opened separate issue) 2nd thing is that on mobile when i write card numbers and then write expiry date it jump to top so i need to scroll down to see which numbers I type.

[adamus007p]

Hi I can confirm that I have the same problems with newset stripe version.

Any solution to this problem?

[adamus007p]

So, overall, this all doesn't mean that 50% of payments are failing. It means that 50% of your customer doesn't finish the checkout flow. That's very different metric

my test show that 1enty is incomplete where second one in the same time it is completed.

it is like it put every time double information. It make no sense.

[getdatakick]

If you have enabled multiple stripe payments options (say stripe checkout and payment request button), then yes -- each have its own session, thus it's own ID.

How does it affect you?

[adamus007p]

There is a mess, there is a lot of entries and sending a lot of data to stripe. GDPR in EU do not allow it. Stripe see all payments. Maybe some customers do not want to use American payment gateway and prefer local payments.

Now when i pay i see 1 payment finished and on the same time 2nd incomplete. It make no sense.

Is it possible to change it?

[adamus007p]

OK I know what is the problem.

First: there are two types of possible payment.

1. stripe checkout - it transfer to stripe website and you need to type all card details + addres in my case there is no copied address there. Test show me all info email adress etc.

2. Payment using a form on merchant page. Here we have a form on our shop

Here we put only credit/debit card number and pay. There is no needs to add address.

In this method i have no email.

@getdatakick have you check this method too?

Where I have two options on there is two sessions, so why 1payment is completed and 2nd is not completed.

But anyway I am not sure if stripe should send automatically all data to stripe.

[gingerling]

There is a mess, there is a lot of entries and sending a lot of data to stripe. GDPR in EU do not allow it. Stripe see all payments. Maybe some customers do not want to use American payment gateway and prefer local payments.

Now when i pay i see 1 payment finished and on the same time 2nd incomplete. It make no sense.

Is it possible to change it?

Hi, this situation is still ongoing, data is being sent to stripe all the time that should not be there.

All these incomplete payments are people who paid via paypal (I have paypal and stripe options) and they didn't put any info into the stripe card payment area on the website.

The EU is very strict about data control, I'm worried that this is breaking the law.

Is it possible to stop these happening? It didn't used to happen.

[getdatakick]

It would be very hard to implement. The reason is strictly technical.

In order to display card form we need to provide client secret. Client secret is extracted from payment intent object. This means that in order to display card form on checkout page, we need to create PaymentIntent object --> call stripe via server api.

[adamus007p]

Here even when you will add anything to card it will be send to stripe. Even when someone want to use local payment.

When you will add a product you can see it on stripe dashboard.

In US the privacy law is very weak, when in some EU countries is very strict.

Add extra step or page where stripe will be activated.