in our website have: - user registration (data includes name , last name) - embedded payment system (powered stripe)
users can purchase items online , want sure card use pay owned them, i.e. card owner first name , last name match user's name , last name (if it's not ask our users update personal data or use card). use stripe payment services provider (btw, amazing!) question platform independent. told there no actual way achieve (since payments can processed without name , last name , bank don't return them), except passing name , last name bank along card numbers in charge request , hope issuer bank perform match control on them , if wrong reject payment (but that's not guaranteed, many banks don't it).
on strength of that, best practice user identity verified when charging payment?
you're right in there no validation of card name when performing authorization. there other options however.
cv2/cvc/avs
one simple option perform cv2 check (also known cvv - card verification value, cvc - card verification check, or avs - address verification service). take numerics users address, numerics zip code, , 3 digits of bank card (four digits on amex) , submit them whilst performing authorization.
the payment service provider respond cv2 result informs parts match/dont match. ie 'all match' or 'address match only' , on. can use decide whether want accept payment, or send reversal cancel authorization.
https://support.stripe.com/questions/what-is-avs
3dsecure/vbv/securecode
there additional identification services developed jointly visa/mastercard common in europe (and believe introduced us). shared technology known 3d-secure, branded visa 'verified visa', mastercard 'mastercard securecode', amex 'safekey' , on.
this first requires cardholder configure password bank. @ time of online authorisation, card holder redirected payment page cardholders bank, displays custom greeting , (optionally) asks user confirm password.
