Feature Requests
Share ideas, discuss and vote on requests from other users in community
 

Migrate to Stripe Elements Implementation

Brent shared this idea 1 year ago
Investigating

Stripe have implemented a new integration method which supersedes the current Stripe.js method. The new integration is called "Elements" and is based upon hosted input methods.

A new module should be created (or the existing module re-written) to support this new implementation method.

Details are located here: https://stripe.com/docs/elements

The PCI compliance requirements of the Stripe.js implementation method have recently been increased, requiring the completion of an SAQ A-EP evaluation and increasing the costs of compliance. Switching to an Elements implementation would restore back to the simplest Pre-filled SAQ A form: https://stripe.com/docs/security

In addition Stripe have stated that the Stripe.js implementation is depreciated, however no cessation date has been set: https://stripe.com/docs/stripe.js/v2

Best Answer
photo

Hi all,

Thanks for your votes and comments. My main takeaway from this discussion is that the ability to process credit cards via Stripe and make charges at-will - whilst maintaining the easiest Pre-filled SAQ A compliance burden - is your main priority.

Stripe offers two solutions which are marketed to address the desires of this feature request. At this time we are reviewing both to see how well they meet these desires and judging the practicality of implementation.

Comments (55)

photo
1

Hello @WHMCS John,

Thank you for you work on this case. I'd also like to suggest to add the 3D Secure feature which is very important for hosters to avoid payment opposition :

https://requests.whmcs.com/topic/stripe-3d-secure

This feature has been added by Stripe over one year ago and we don't have any news from WHMCS about that.

Regards,

photo
1

Hi Mathiew,

Thanks for your continued contributions to the discussion. Let's please keep this request on topic regarding the details of a replacement for the current Stripe implementation. A discussion of adding additional features to the modules is best assessed on its own merits in the feature request you highlighted.

photo
photo
1

Has any progress been made on this? This is really an essential feature for those of us who use Stripe.

photo
1

Hi Nick,

We expect to have more information to share on this in the first half of 2019.

photo
1

That far? This is such an easy yet crucial update! Oh my, this means we still have to wait over 5 months. Way to make us yearly paying customers feel left out while you build less important features. If it wasn't a necessary feature, I would wait, but, this is urgent.

Once again, payment gateways must ALWAYS be updated first in any system.

Would a hundred more "likes" to this idea make it more urgent?

You guys, as WHMCS, should KNOW what is urgent for your clients and not depend on us.

photo
1

I believe they just haven't realized the potential severity of this problem because so far, we have not heard of merchants being shut down due to the new form requirement.

I suspect many others, like me, are for now simply ignoring Stripe's request, and it seems to me Stripe hasn't really pushed this yet. Maybe I'm wrong since I'm very small, would like to hear some larger volume users share their experience on this.

But I can guarantee you, if one day Stripe suddenly decides to suspend accounts that haven't filled out the long SAQ A-EP form, there will be a storm here at WHMCS, and WHMCS will be responsible for this.

This is the reason I asked in a previous comment, whether WHMCS can talk to Stripe and ask them to leave these accounts alone while a new release is being rolled out. I believe WHMCS must have enough users on Striple to give them a voice. I heard no response from WHMCS on this request.

If WHMCS simply does not care, then we're all sitting on a potential ticking time bomb, with fingers crossed.

photo
1

It seems like either WHMCS doesn't get it or doesn't care. This is really an urgent issue, and yet we seem unable to impress that upon them here or via ticket.

photo
1

2019 H1?

Payment compliance and fraud prevention mean a lot to hosting providers.

You might be failing your customers by ignoring an issue that may very soon disable us from accepting payments.

The fancy features you are prioritizing may be nice to have. But at the end of the day, if you can't collect payments, do features still matter?

photo
photo
1

I also just got a notice inside the Stripe dashboard regarding SAQ -A form.