Behind a Charge for DevRelJP meetup

Transcript

1. Behind a Charge 8/27 Yasuhiko Tokunaga D E V R

   E L J P I N E N G L I S H

2. Yasuhiko “Toku” Tokunaga • Born in Iruma, Saitama. • User

   Operations at Stripe since 2016. • Twitter: y_toku

3. What’s Stripe? D E V R E L J P

   I N E N G L I S H

4. Traditional payments matrix SELLER Processor American Express JCB ISO Mastercard

   Merchant Acquirer Other payment instruments VISA Depository institutions Fraud Business analytics Instant payouts Tokenization Automatic card updates PCI audits VAT Reporting International Currencies Payment methods Local routing GST

5. International Currencies Payment methods Local routing GST PCI audits VAT

   Reporting Processor American Express JCB ISO Mastercard Merchant Acquirer Other payment instruments VISA Depository institutions Fraud Business analytics Instant payouts Tokenization Automatic card updates SELLER Stripe abstracts away traditional 
 payments hurdles

6. 139+ currencies 3DS APMs Android Pay Apple Pay Card updater

   Checkout Dashboard Disputes Elements International support Metadata Mobile SDKs PCI compliance Plug-ins Reporting Sources Tokenization Webhooks Core payments I N T E G R AT E D PAY M E N T S P L AT F O R M

7. Coupons Enable add-ons Integrated webhook support Tiered pricing Metered billing

   Multiple plan support Per-seat plan support Smart retry logic Trial periods Subscriptions Adaptive machine learning algorithms Custom rules Dynamic adaption API Fraud automation API Payments review UI Real-time insights Radar Staggered account creation Pre-built components for recipient onboarding, account management and verification Support for a fully customized UI Funds routing infrastructure to support any business model International support Support for payouts to 25 countries Connect I N T E G R AT E D PAY M E N T S P L AT F O R M

8. Behind a charge What’s happening when you purchase something on

   Stripe network with your credit card? D E V R E L J P I N E N G L I S H

9. 26584673 ?

10. 0 0 0 0 0 0 : .

11. 6 8 8 0 0 0 : .

12. 26584673 Stripe API infrastructure Card network ML-based
 fraud prevention

13. 26584673 Stripe API infrastructure Card network ML-based
 fraud prevention

14. S T R I P E A P I I

    N F R A S T R U C T U R E Velocity Scalability Availability Security

15. P C I I N F R A S T

    R U C T U R E A P I B A C K E N D I N F R A S T R U C T U R E API backend Front-end Server 2 Front-end Server 1 Front-end Server 3

16. A Z 2 load balancer app app DB a DB

    b A Z 3 load balancer app app DB a DB b A Z 1 load balancer DB a DB b app app F L E X I B I L I T Y & AVA I L A B I L I T Y

17. F L A S H S A L E

18. 26584673 Stripe API infrastructure Card network ML-based
 fraud prevention

19. ISO 8583 Format

20. None

21. require "stripe" Stripe.api_key = "BQokikJOvBiI2HlWgH4olfQ2" Stripe::Charge.create( :amount => 1400, :currency

    => "jpy", :source => { :number => "4242424242424242", :exp_month => 2, :exp_year => 2020, :cvc => "314" }, :description => "αϯϓϧܾࡁ" )

22. require "stripe" Stripe.api_key = "BQokikJOvBiI2HlWgH4olfQ2" Stripe::Charge.create( :amount => 1400, :currency

    => "jpy", :source => { :number => "4242424242424242", :exp_month => 2, :exp_year => 2020, :cvc => "314" }, :description => "αϯϓϧܾࡁ" )

23. 0 1 0 0 F 2 3 C 6 4

    8 1 0 8 E 0 8 0 1 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 4 1 0 4 2 4 2 4 2 4 2 4 2 4 2 4 2 4 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 4 0 0 1 1 0 1 0 1 3 9 5 8 6 6 8 7 8 5 1 8 3 9 5 8 1 0 3 1 2 1 0 4 3 5 2 2 0 8 4 0 0 1 2 0 5 9 0 6 4 9 8 0 3 0 F 6 F 3 F 0 F 6 F 0 F 1 F 6 F 6 F 8 F 7 F 8 F 5 F 4 C 3 F 2 E 9 E 8 C 2 F 1 E 8 E 2 F 1 D 7 D 3 D 1 D 1 D 2 E 7 E 7 C 2 E 3 F 0 C 3 E 8 C 4 C 7 D 9 C 1 C 9 D 5 4 0 6 0 4 0 C 7 D 6 F 1 F 4 F 4 F 1 F 2 F 1 4 0 4 0 4 0 4 0 4 0 4 0 4 0 4 0 4 0 E 2 C 9 D 5 C 7 C 1 D 7 D 6 D 9 C 5 4 0 4 0 4 0 4 0 E 2 C 7 0 8 4 0 0 5 0 0 0 0 0 0 0 0 0 7 0 5 8 0 0 0 0 0 0 0 0 0 0 E 0 0 4 0 0 0 0 0 0 0 0 0 0 0 0 0 F 1 F 1 F 0 F 0 F 0 F 0

24. Message Type ID (MTI) Includes: • The ISO 8583 version

    • The Message Class • The Message Function • The Message Origin 0XXX -> version of ISO 8583 (for example: 1987 version) X1XX -> class of the Message (for example: Authorization Message) XX0X -> function of the Message (for example: Request) XXX0 -> who began the communication (for example: Acquirer) 0100 MTI:100 (Authorization Request) 002 Primary Account Number : 4242424242424242 003 Processing Code : 0 004 Amount of Transaction : 1400 007 Transmission Date/Time : 2000-05-25T18:06:41+00:00 011 System Trace/Debit Reg E Receipt Number : 678336 012 Time, Local Transmission : 11:06:41+00:00 013 Date, Local Trans. (Debit/EBT)/Sales Date (Credit) : 2000-05-25T00:00:00+00:00 014 Card Expiration Date : 2020-02-01T00:00:00+00:00 018 Merchant Category Code : 3522 019 Acquiring Institution Country Code : 840 022 POS Entry Mode+ Pin Capability : 120 025 Point of Service (POS) Condition Code : 59 032 Acquiring ID : 498030 037 Retrieval Reference Number : "714518678336" 041 Terminal ID : "4C2ZYB1Y" 042 Card Acceptor ID : "S1PLJJKXXBT0CYD" 043 Alternative Merchant Name/Location : { 043 "card_acceptor_name": “UNDER THE HOOD ", 043 "city_name": "TOKYO ", 043 "country_code": "JP" 043 } 049 Transaction Currency Code : 840 060 Additional POS Information : { 060 "terminal_type": 0, 060 "terminal_entry_capability": 0, 060 "chip_condition_code": 0, 060 "special_condition_indicator": 0, 060 "reserved": 0, 060 "chip_transaction_indicator": 0, 060 "chip_card_authentication_reliability_indicator": 0, 060 "electronic_commerce_indicator": 7 060 } 063 VisaNet Integrated Payment Private Use : 001 Network ID : 0 126 Visa Private-Use Fields : 009 CAVV Data : "ffbf6cd03d0085d20d0bfae02d8fbe3000020000"

25. require "stripe" Stripe.api_key = "BQokikJOvBiI2HlWgH4olfQ2" Stripe::Charge.create( :amount => 1400, :currency

    => "jpy", :source => { :number => "4242424242424242", :exp_month => 9, :exp_year => 2020, :cvc => "314" }, :description => "αϯϓϧܾࡁ" ) MTI:100 (Authorization Request) 002 Primary Account Number : 4242424242424242 003 Processing Code : 0 004 Amount of Transaction : 1400 007 Transmission Date/Time : 2000-05-25T18:06:41+00:00 011 System Trace/Debit Reg E Receipt Number : 678336 012 Time, Local Transmission : 11:06:41+00:00 013 Date, Local Trans. (Debit/EBT)/Sales Date (Credit) : 2000-05-25T00:00:00+00:00 014 Card Expiration Date : 2020-02-01T00:00:00+00:00 018 Merchant Category Code : 3522 019 Acquiring Institution Country Code : 840 022 POS Entry Mode+ Pin Capability : 120 025 Point of Service (POS) Condition Code : 59 032 Acquiring ID : 498030 037 Retrieval Reference Number : "714518678336" 041 Terminal ID : "4C2ZYB1Y" 042 Card Acceptor ID : "S1PLJJKXXBT0CYD" 043 Alternative Merchant Name/Location : { 043 "card_acceptor_name": “UNDER THE HOOD ", 043 "city_name": "TOKYO ", 043 "country_code": "JP" 043 } 049 Transaction Currency Code : 840 060 Additional POS Information : { 060 "terminal_type": 0, 060 "terminal_entry_capability": 0, 060 "chip_condition_code": 0, 060 "special_condition_indicator": 0, 060 "reserved": 0, 060 "chip_transaction_indicator": 0, 060 "chip_card_authentication_reliability_indicator": 0, 060 "electronic_commerce_indicator": 7 060 } 063 VisaNet Integrated Payment Private Use : 001 Network ID : 0 126 Visa Private-Use Fields : 009 CAVV Data : "ffbf6cd03d0085d20d0bfae02d8fbe3000020000"

26. MTI:100 (Authorization Request) 002 Primary Account Number : 4242424242424242 003

    Processing Code : 0 004 Amount of Transaction : 1400 007 Transmission Date/Time : 2000-05-25T18:06:41+00:00 011 System Trace/Debit Reg E Receipt Number : 678336 012 Time, Local Transmission : 11:06:41+00:00 013 Date, Local Trans. (Debit/EBT)/Sales Date (Credit) : 2000-05-25T00:00:00+00:00 014 Card Expiration Date : 2018-09-01T00:00:00+00:00 018 Merchant Category Code : 3522 019 Acquiring Institution Country Code : 840 022 POS Entry Mode+ Pin Capability : 120 025 Point of Service (POS) Condition Code : 59 032 Acquiring ID : 498030 037 Retrieval Reference Number : "714518678336" 041 Terminal ID : "4C2ZYB1Y" 042 Card Acceptor ID : "S1PLJJKXXBT0CYD" 043 Alternative Merchant Name/Location : { 043 "card_acceptor_name": “UNDER THE HOOD ", 043 "city_name": “TOKYO ", 043 "country_code": "JP" 043 } 049 Transaction Currency Code : 840 060 Additional POS Information : { 060 "terminal_type": 0, 060 "terminal_entry_capability": 0, 060 "chip_condition_code": 0, 060 "special_condition_indicator": 0, 060 "reserved": 0, 060 "chip_transaction_indicator": 0, 060 "chip_card_authentication_reliability_indicator": 0, 060 "electronic_commerce_indicator": 7 060 } 063 VisaNet Integrated Payment Private Use : 001 Network ID : 0 126 Visa Private-Use Fields : 009 CAVV Data : "ffbf6cd03d0085d20d0bfae02d8fbe3000020000" require "stripe" Stripe.api_key = "BQokikJOvBiI2HlWgH4olfQ2" Stripe::Charge.create( :amount => 1400, :currency => "jpy", :source => { :number => "4242424242424242", :exp_month => 9, :exp_year => 2020, :cvc => "314" }, :description => "αϯϓϧܾࡁ" )

27. R. F!e"d!ng UC Irv!ne J. Gettys Compaq/W3C J. Mogu" Compaq

    H. Frystyk W3C/MIT L. Mas!nter Xerox P. Leach M!crosoft T. Berners-Lee W3C/MIT June 1999 Network Work!ng Group Request for Comments: 2616 Obso"etes: 2068 Category: Standards Track Hypertext Transfer Protoco! -- HTTP/1.1 Status of th!s Memo Th!s document spec!f!es an Internet standards track protoco" for the Internet commun!ty, and requests d!scuss!on and suggest!ons for !mprovements. P"ease refer to the current ed!t!on of the "Internet Off!c!a" Protoco" Standards" (STD 1) for the standard!zat!on state and status of th!s protoco". D!str!but!on of th!s memo !s un"!m!ted. Copyr!ght Not!ce Copyr!ght (C) The Internet Soc!ety (1999). A"" R!ghts Reserved. 27 MTI:110 (Authorization Request Response) 002 Primary Account Number : 4242424242424242 003 Processing Code : 0 004 Amount of Transaction : 1400 007 Transmission Date/Time : 2000-05-25T18:06:41+00:00 011 System Trace/Debit Reg E Receipt Number : 678336 015 Date, Settlement : 2000-05-26T00:00:00+00:00 019 Acquiring Institution Country Code : 840 025 Point of Service (POS) Condition Code : 59 032 Acquiring ID : 498030 037 Retrieval Reference Number : "714518678336" 038 Authorization Identification Response : "001444" 039 Response Code : "00" 041 Terminal ID : "4C2ZYB1Y" 042 Card Acceptor ID : "S1PLJJKXXBT0CYD" 044 Additional Response Data : { 044 "reason_code": "5", 044 "cavv_result_code": "2" 044 } 049 Transaction Currency Code : 840 062 Custom Payment Service Fields : 002 Transaction Identifier : 467145652018577 062 023 Product ID : "N " 063 VisaNet Integrated Payment Private Use : 001 Network ID : 2 0110 Authorization Response

28. R. F!e"d!ng UC Irv!ne J. Gettys Compaq/W3C J. Mogu" Compaq

    H. Frystyk W3C/MIT L. Mas!nter Xerox P. Leach M!crosoft T. Berners-Lee W3C/MIT June 1999 Network Work!ng Group Request for Comments: 2616 Obso"etes: 2068 Category: Standards Track Hypertext Transfer Protoco! -- HTTP/1.1 Status of th!s Memo Th!s document spec!f!es an Internet standards track protoco" for the Internet commun!ty, and requests d!scuss!on and suggest!ons for !mprovements. P"ease refer to the current ed!t!on of the "Internet Off!c!a" Protoco" Standards" (STD 1) for the standard!zat!on state and status of th!s protoco". D!str!but!on of th!s memo !s un"!m!ted. Copyr!ght Not!ce Copyr!ght (C) The Internet Soc!ety (1999). A"" R!ghts Reserved. 28 MTI:110 (Authorization Request Response) 002 Primary Account Number : 4242424242424242 003 Processing Code : 0 004 Amount of Transaction : 1400 007 Transmission Date/Time : 2000-05-25T18:06:41+00:00 011 System Trace/Debit Reg E Receipt Number : 678336 015 Date, Settlement : 2000-05-26T00:00:00+00:00 019 Acquiring Institution Country Code : 840 025 Point of Service (POS) Condition Code : 59 032 Acquiring ID : 498030 037 Retrieval Reference Number : "714518678336" 038 Authorization Identification Response : "001444" 039 Response Code : "00" 041 Terminal ID : "4C2ZYB1Y" 042 Card Acceptor ID : "S1PLJJKXXBT0CYD" 044 Additional Response Data : { 044 "reason_code": "5", 044 "cavv_result_code": "2" 044 } 049 Transaction Currency Code : 840 062 Custom Payment Service Fields : 002 Transaction Identifier : 467145652018577 062 023 Product ID : "N " 063 VisaNet Integrated Payment Private Use : 001 Network ID : 2 0110 Authorization Response

29. { "id": "ch_1AOajA2eZvKYlo2CIU3lpBKV", "object": "charge", "amount": 1400, "created": 1496013796, "currency":

    "jpy", "customer": "cus_Ak4sw0RVzWQrDk", ... "outcome": { "network_status": "approved_by_network", "reason": null, "risk_level": "normal", "seller_message": "Payment complete.", "type": "authorized" }, ... "review": null, "shipping": null, "source": { "id": "card_1AOaig2eZvKYlo2CEh9qjqsM", "object": "card", "address_city": null, "address_country": null, "address_line1": null, "address_line1_check": null, "address_line2": null, "address_state": null, "address_zip": null, "address_zip_check": null, "brand": "Visa", "country": "JP", "customer": "cus_Ak4sw0RVzWQrDk", "cvc_check": "pass", "dynamic_last4": null, "exp_month": 02, "exp_year": 2020, "fingerprint": "Xt5EWLLDS7FJjR1c", "funding": "credit", "last4": "4242", "metadata": {}, "name": null, "tokenization_method": null }, ... } MTI:110 (Authorization Request Response) 002 Primary Account Number : 4242424242424242 003 Processing Code : 0 004 Amount of Transaction : 1400 007 Transmission Date/Time : 2000-05-25T18:06:41+00:00 011 System Trace/Debit Reg E Receipt Number : 678336 015 Date, Settlement : 2000-05-26T00:00:00+00:00 019 Acquiring Institution Country Code : 840 025 Point of Service (POS) Condition Code : 59 032 Acquiring ID : 498030 037 Retrieval Reference Number : "714518678336" 038 Authorization Identification Response : "001444" 039 Response Code : "00" 041 Terminal ID : "4C2ZYB1Y" 042 Card Acceptor ID : "S1PLJJKXXBT0CYD" 044 Additional Response Data : { 044 "reason_code": "5", 044 "cavv_result_code": "2" 044 } 049 Transaction Currency Code : 840 062 Custom Payment Service Fields : 002 Transaction Identifier : 467145652018577 062 023 Product ID : "N " 063 VisaNet Integrated Payment Private Use : 001 Network ID : 2

30. 26584673 Stripe API infrastructure Card network ML-based
 fraud prevention

31. F R A U D

32. I N D U S T R I A L

    M A C H I N E L E A R N I N G • Deep integration with rest of your payments platform • Automatically improves with Stripe network • No manual labeling required, eliminating encoded biases

33. R A D A R F E AT U R

    E S Address mismatch Billing address Card type Order value IP address Proxy detection Cardholder ID Device ID Card history Card country Newness Gibberish Geolocation Network baselines Blocklists Trusted 
 customers Pasted fields

34. When a card is used, there’s an 86% chance we’ve

    seen it used before S T R I P E N E T W O R K

35. ML feature assemblers Stripe API Charge creation Address normalisation Token

    creation Card, IP , e-mail history Browsing/behavioural information

36. 26584673 Stripe API infrastructure Card network ML-based
 fraud prevention

37. None