Feature Requests
Share ideas, discuss and vote on requests from other users in community

eWay Token Payments - Enhancements to module needed

slim shared this idea 2 years ago
Under Consideration

There are two major problems with this module.

1. From the admin area, you cannot update the card number via the usual UI. The card number ends up being stored in the WHMCS DB (a PCI security issue). This needs to be enhanced so that a token is created and stored.

2. The customer cannot update their card unless there is an UNPAID invoice in the system. This needs to be enhanced so the customer can update their card details at any time. (and they are stored in a token at eway).

3. There is no way to migrate customers from the OLD eway module (where the card numbers are stored locally in the WHMCS DB) to the eway token method. There needs to be an easy way to migrate a customers card number FROM whmcs to eway.

Comments (9)


What also is required with this mod is the fact that the WHMCS invoice number and the WHMCS description are not pushed to eWay in the correct fields. The Invoice and Description are empty and the WHMCS invoice is found in the eWay Reference field.

This is OK if eWay is your last stop but when using Xero as your accounting package there is an issue as eWay can't push your WHMCS invoice number to Xero (because this field was empty coming from WHMCS. Instead, eWay pushes their own reference number which doesn't line up with the invoice WHMCS sent to Xero independently.

Therefore, for Xero users, this gateway is useless at the moment.

Files: eWay.png

Hi this is a great disappointment for us, too, and it is urgent.

Just as an aside, there are queries in the forum that show how to decrypt CC, so generating a CSV to import at eway is routine. Just need to find out where to put the token that get assigned


Has there been any progress on this so far? Thinking of writing either a new payment gateway or a module to solve these issues.


This is my summary of the current fixes needed to the eWay tokens module:

  • doesn't remove credit card number (tblclients.cardnum) from the database once it's stored in a token
  • offers no conversion service - you lose all your saved cards and customers have to re-enter
  • admin credit card edit doesn't work, just saves in local database with no warning
  • -- by product of above: admin can save card by logging in as user if and only if there is an open/unpaid invoice
  • doesn't put the invoice number in the correct Reference field (which breaks Xero integration) (correct solution is a WHMCS hook to supply the needed text)

This is all functionality I'd think was required! Halfway through writing and testing code to do this (at the testing stage).

Discussion occurs on these forum threads (there may be others):

old (Nov 2016): https://forum.whmcs.com/showthread.php?117150-eWay-token-payments-in-WHMCS-6-x-Not-practically-usable-Anyone-else-using-this

recent (Feb-April 2017): https://forum.whmcs.com/showthread.php?125190-Upgrade-to-7-1-1-from-6-3-eWay-token-payments-issues


Thanks for the summary.. Yes, its a poor state of affiars for one of the biggest payment gateways in Australia.


I've extended our admin side to handle the eway gateway. Admin edit removes CC number, and the admin add now does the submit to eway and substitute a token.

I have also written a script to decode the DB for CC numbers and such for import at eway


Any update on this issue?


If anyone stumbles across this and needs help migrating clients from the old eway module (where card details are stored in the WHMCS db) to the new token module, I worked out a method that achieves the following:

1. Card details are removed from the WHMCS db.

2. Card details are stored at eWay and a token is stored in the WHMCS db.

The method is as follows:

1. Using your cc_encryption_hash (configuration.php) obtain the customer's current card details from within the whmcs admin area. Paste the card number and exp date into a text file.

2. Clear the details from the WHMCS db.

3. Go into the customers profile and change default payment to 'Credit Card' or whatever you have called the token version of the module.

4. login as the client.

5. Pay an existing invoice. Make up a CVC. Some banks check it, some don't. EVEN if the transaction fails, the card will be stored in a token. If it failed, go back to the admin area and attempt to capture - If the card has funds, it will capture. (the CVC isn't required for token transactions beyond the first - so once its in eWay, the transaction will pass as long as there is sufficient funds.

6. If the customer doesn't have an un paid invoice, wait till they do.

This process is time consuming, but once your done you can disable and then delete the old eway module.


I have coded an automated way to do this, which will enable you to switch all users from old eway to token payments.

If anyone is interested, please contact me via [email protected]