Feature Requests
Share ideas, discuss and vote on requests from other users in community
 

Migrate to Stripe Elements Implementation

Brent shared this idea 1 year ago
Investigating

Stripe have implemented a new integration method which supersedes the current Stripe.js method. The new integration is called "Elements" and is based upon hosted input methods.

A new module should be created (or the existing module re-written) to support this new implementation method.

Details are located here: https://stripe.com/docs/elements

The PCI compliance requirements of the Stripe.js implementation method have recently been increased, requiring the completion of an SAQ A-EP evaluation and increasing the costs of compliance. Switching to an Elements implementation would restore back to the simplest Pre-filled SAQ A form: https://stripe.com/docs/security

In addition Stripe have stated that the Stripe.js implementation is depreciated, however no cessation date has been set: https://stripe.com/docs/stripe.js/v2

Comments (47)

photo
1

Thank you WHMCS John, I would like to add that it is not that Stripe imposes stricter requirements on their merchants than others, it is a requirement of PCI Compliance; in order to maintain PCI compliance at the easiest level a PCI DSS-A form is required which is only available to merchants if they use Hosted Checkout, which is what is talked about here by Steve West and others.

The purpose of Hosted Checkout is to avoid the storage of customer card data in part or whole on our respective WHMCS environments, in order to achieve a greater level of security but also for those requiring certain compliance rates (like PCI) to achieve them without hours an hours paperwork and audits that cost tens of thousands of dollars.

photo
1

Thanks Kris, that was our understanding too. I've clarified the wording in my message above.

photo
1

Hello @WHMCS John,

Thank you for you work on this case. I'd also like to suggest to add the 3D Secure feature which is very important for hosters to avoid payment opposition :

https://requests.whmcs.com/topic/stripe-3d-secure

This feature has been added by Stripe over one year ago and we don't have any news from WHMCS about that.

Regards,

photo
1

Hi Mathiew,

Thanks for your continued contributions to the discussion. Let's please keep this request on topic regarding the details of a replacement for the current Stripe implementation. A discussion of adding additional features to the modules is best assessed on its own merits in the feature request you highlighted.

photo