[Shank]

> this is really pretty vital to what ALL of us do as part of our product development/launching/testing process

The whole point of test-mode is that you can run your transaction as if it was running on the live-mode network. The solution is to test in test mode. Live mode just runs real cards, it should be have identically to test mode.

The reason why this is a per-se violation is because you're playing on the real network with real cards, and that means the real anti-fraud systems are active, and the card networks are taking real interchange fees for doing their jobs. If you're already processing a ton of money per day, you probably can fly under the radar with 1-2 non-refunded test transactions that you reimburse yourself for later. But why risk it? If you're breaking the ToS you're risking account termination.

> The Stripe Services Agreement prohibits testing in live mode using real payment method details.

If Stripe or whomever else is your gateway to accepting all payments, why would you poke the bear? Section 6.2 of the Stripe Services Agreement:

> Stripe may immediately suspend providing any or all Services to you, and your access to the Stripe Technology, if:

> (e) you breach this Agreement or any other agreement between the parties;

It's just not worth the risk.

[LiKao]

> But why risk it?

Because testing environments often still mock some parts of the system and there may be subtle differences between mocked systems and live systems.

When I worked at a company that send out SMS to cell phones, we first tested our system without any connection to the network with our simulated SMS service provider. When we tried to go live, we tested a few live SMS on actual phones we controlled. It turned out, that there were some subtle differences between our mock SMS service and the real service, so we had to stop deployment and first fix the issues.

That was after months of testing in the test environment without any sign of the bug before we tried to go live.

[toasterlovin]

> But why risk it?

Because production is not staging or test and never will be. At the very least, you’re risking that your production configuration is incorrect and you won’t find out until customers test in production for you. More commonly, as we experienced with Authorize.net, the test environment is subtly different from production and the only documentation for the differences are 6 year old posts in migrated support forum threads.

Just have someone run a charge on their personal card and reimburse them.

[TheRealSteel]

But why do they care? You're paying the transaction fees. They're getting their money. If anything isn't it good for the payment processor to get more transactions?

It's a real transaction. Nobody was deceived, the money really changed hands, and the payment processor got their fee.

If I own a physical shop I'm allowed to buy stuff from it if I want, why isn't that also the case for an online store?

I'm not saying it isn't against the ToS, but I agree with OP it isn't obvious why it should be and it seems like almost everybody would test at least one real transaction at some point.

[toasterlovin]

I think the issue is that one possible scam is to sign up for a stripe account, run a bunch of charges from cards you control, then when the funds from Stripe hit your bank account, you run a bunch of chargebacks. So this policy that allows them to ban accounts that have even a whiff of this going on.

[mohsen1]

It's self dealing in the context of taxes.

[anteloper]

> The whole point of test-mode is that you can run your transaction as if it was running on the live-mode network. The solution is to test in test mode. Live mode just runs real cards, it should be have identically to test mode.

This is unreasonable. Test environment is never the same as prod. It's irresponsible to anyone you're actually accepting money from not to try the E2E flow in production.

Even if card processing is identical, who is say everything else in your flow is? It's either going to be you or a stranger on the internet being the first to try it for real.

[Brian_K_White]

"it should behave identically"

Come on man. Please don't tell me you engineer things based on "should".

"should" means nothing. The only way test something is to test it, not test something else that "should behave identically".

Maybe payments are a special case where you have to do it wrong for some overriding reason, but the general premis to test for real was 100% correct.

[michaelt]

> But why risk it?

I once worked on a system that, when it updated a database row, wrote the software version into a last-modified-by column.

Version 1.23-PRODUCTION worked fine.

Version 1.23.1-SIT worked fine too, in the integration test environment.

Version 1.23.1-PRODUCTION exceeded the column length limit, so it couldn't update any rows. It was completely broken.

If your site has loads of traffic you can just YOLO things from SIT into production and rely on alerting and complaints to catch such issues. But if it's absolutely critical, like a big high profile product launch? I wouldn't want to rely on luck.

[sarreph]

I have had production differences show up that were not present or even reproducible in test mode on a major e-commerce platform payment system.

[king_of_goats]

I'm not saying "yeah let's rebel and keep doing it!" or anything like that; now that I'm aware of this I'll be ultra-careful going forward.

My point is -- it seems absurd that people WOULD get their account banned for a couple of trivial test payments. And since this practice seems so widespread in the software developer / entrepreneur community, I think these doomsday soothsayers telling us that your account WILL get banned if you do this are clearly overstating how serious this is and how aggressively it's policed and cracked down on by PPs like Stripe.