[NavyG]

Does the vagueness of the error message have something to do with reducing frauds?

[happymellon]

Surely that's what 3D secure is for. I don't see how blocking error messages reduces the fraud.

All of my accounts come with that enabled by default and will ping my phone app, so stealing my card number isn't enough.

Card details + something I know + something I have.

[tomschwiha]

Usually yes. And there can be alot going on: https://stripe.com/docs/error-codes

I guess it's the same intention, why to not tell the user an email is already registered on your site. Could be used for personalized scam/fraud. However often you trade security for comfort.

[NavyG]

Yeah it does not make sense to pass on every error message to the customer but don't these error codes get logged on the console anyways?

[vedantkhairnar]

Is there some way to understand if the payment page is a phishing attack?