Stripe Radar rules doesn't work for apple pay pending authorization

Question

Our user flow is like this:

1. User will request service with apple pay (PKPaymentSummaryItemTypePending)
2. Stripe will provide apple pay token
3. We will provide the service
4. We will charge the user for the service

We have a radar rule to block prepaid cards. Unfortunately, if you use apple pay with a prepaid card, it will pass through steps 1 - 3, then get blocked at step 4.

Therefore user will get the service free.

The goal is to block them at step 2.

How do we validate the card before step 3?

Answer 1

1. Upon creation of apple pay token, check at the "funding" of the card and block it if it is prepaid
2. Instead of just charging the apple pay token, attach it to a customer object then simply charge the customer later.

From Stripe:

reference 1

When you have a Radar rule set on your Stripe account, it doesn't actually run the rules on the tokenization stage. Instead, it runs when the charge attempt is being made, which is why it didn't occur when you first tokenized that Apple Pay card. When you tokenize a card and attach it to a customer object, we do a $0 or $1 authorization to ensure the card details are valid. This doesn't run anything like Radar rules on the card, however. It's only a step to make sure we can theoretically charge a card.

If you're looking to be able to "block" prepaid cards in the tokenization stage before a charge is attempted, this would need some custom development, as the Radar rule you have in place to block prepaid cards will only work in the charge stage. To prevent prepaid cards from making it past the token stage, what you can do is have some code in place on your end that looks at the "funding" of the card token after you create the token. This tells you what type of card it is, such as a debit, credit, or prepaid card.

https://stripe.com/docs/api#token_object-card-funding

If your code confirms it's a prepaid card, you can simply stop the charge process here and instead choose to show your customer that prepaid cards aren't accepted, and to use a normal debit or credit card

reference 2

Stripe will automatically attempt a $0 / $1 authorization once you attach a token to a customer. The authorization will happen once a customer's created, or if they're using Checkout. Here's a link with a little more information:

https://support.stripe.com/questions/why-does-my-customer-see-an-extra-1-00-charge-on-their-statement

That authorization doesn't use the token, it's a back end event that happens on our side.