Support » Plugin: WooCommerce Stripe Payment Gateway » Possible bug with duplicate charge?

  • Resolved Johan Yourstone

    (@jyourstone)



    Hello,

    I’m using Stripe 3.2.3 and another payment gateway called Swish. A customer was recently debited twice for one order and I seem to have found a bug.

    This is what happened:

    A customer tried to pay with the payment method Swish but didn’t follow through with the payment and went back to the payment page (without canceling the purchase).
    The customer then chose Stripe and followed through with payment and was debited for the purchase.

    After this, the payment method Swish timed out and the order status was set to “failed”. Shortly after Stripe set the order status back to “processing” and debited the customer again.

    I’ve refunded the first payment now. Somewhere there’s a bug and I’m not sure if it’s with your plugin, Stripe or Swish. So I’m contacting everyone. When Swish timed out it shouldn’t set the status to “failed” if it was already payed with another payment method. But Stripe shouldn’t charge a customer again if the order is already payed for either.

    Best regards,
    Johan Yourstone

Viewing 8 replies - 1 through 8 (of 8 total)
  • Plugin Author royho

    (@royho)

    This is really no one’s fault because if an order can go through the checkout, a payment gateway will process the order as is. There is no way for one payment gateway to know if another payment gateway has successfully charged the order or not. Its just a fluke if you will or bad timing.

    I understand what you’re saying but I disagree.

    Even if a plugin can’t know if a payment has been made with another plugin, it should at least know if the payment has already been charged with its own payment method, like in this case where Stripe charged the payment twice.

    Calling it a fluke or bad timing is not something I can tell the customer that has been debited twice, they now have to wait up to 5-10 days before they get their money back.

    I strongly think that this issue needs to be addressed somehow. A possible solution would be, for this Stripe plugin, to check if an order has already been charged with the same order ID.

    How come the Stripe plugin made a second payment call, when the first succeeded?

    Plugin Author royho

    (@royho)

    That was not how I read your OP. You did not state that Stripe made a charge twice. I understood it as Swish made a charge after the timeout issue and then Stripe made a charge after.

    With that said, it is also quite difficult to know if the issue lies with your site or something else. Do you have any way for me to replicate this behavior?

    I’m sorry if I wasn’t clear enough in my OP.

    Hmm well, I guess it’s hard to replicate without using the Swish plugin. I’m contacting the developer there as well.

    The only way I could replicate this is if I made an order with Stripe, then set the payment to “failed” in admin. I then refreshed the order confirmation page which then said the order failed and that I would need to pay again. Which I did and then a second charge was made.

    I’m not sure if that qualifies as a bug though since the customer actively has to pay the order again. And I’m not sure if that’s what my customer did, I’ll see if I can contact them about it.

    Plugin Author royho

    (@royho)

    When Stripe 4.0 is released ( expected sometime next month ) you can test that as it has idempotency in place to prevent duplicate charges.

    • This reply was modified 9 months, 2 weeks ago by  royho.

    That was actually the version I tested with (I was running Stripe 4.0 on my staging site).

    Tested again with 3.2.3 with the same results.

    Plugin Author royho

    (@royho)

    Try logging your POST headers and see what idempotency header it is passing. Normally it should be something like order id – source id so perhaps either one or both information is different and thus causing Stripe to think they’re two different charges.

    Plugin Author royho

    (@royho)

    After thinking about it, the method you’re using to replicate will not work because if you flag the order as failed and reload the checkout to pay again, then of course the source will be different and hence the idempotency will be different.

    But I do know we have in place the idempotency in case during a Stripe charge ( not any other issues ) if the connection between the site and Stripe times out, is when the idempotency will prevent the duplicate charge.

Viewing 8 replies - 1 through 8 (of 8 total)
  • The topic ‘Possible bug with duplicate charge?’ is closed to new replies.