Feature Requests
Share ideas, discuss and vote on requests from other users in community

When using Quantum Vault, prevent erroneous display of the WHMCS generated Manage Credit Card screen

MBayDesign shared this idea 8 months ago
Under Consideration

When using Quantum Vault, if a payment method (such as Check)was used to pay the last invoice, the WHMCS-generated Manage Credit Card (MCC) screen may display instead of Quantum Vault iframe. (See attachment)

This will occur only under certain conditions, but it is a possibility.

The only payment method I show on forms is the Quantum Vault. A small number of clients pay for some services by check, but I make this change myself from the admin on the relevant product in their profile.

If the default payment method on the client’s profile is set to “Select to change default” instead of the Quantum Vault AND if the last invoice they paid was via another method, like check, the MCC screen will display the WHMCS-generated screen instead of the quantum vault iframe.

If the payment method on the client’s account is set to default to the QV, then this won’t occur.

However, even though I have only one payment method that shows as available for the client, they can still edit their account details in their client area and change the payment method from QV to "Use Default (Set Per Order)".

If that happens (and if the last invoice paid was NOT via QV), the client would then have an opportunity to enter their credit card details directly into the database through the WHMCS MCC screen – a possibility that I don’t think anybody who uses Quantum Vault wants.

1) the client thinks they’re correctly updating their credit card when they’re not, and

2) now you’ve got full credit card details in your database.

To follow through, I did enter a test MC # into the WHMCS form successfully. (see other attached SS)

WHMCS says this is expected behavior, but to me, this constitutes a hole that can be jumped through. I have gone through all my clients to ensure that their default payment method is with QV, but just because it is unlikely that a client would change to “Default per Order” themselves, doesn’t mean that it should be ignored as a possibility.