Stripe have implemented a new integration method which supersedes the current Stripe.js method. The new integration is called "Elements" and is based upon hosted input methods.
A new module should be created (or the existing module re-written) to support this new implementation method.
Details are located here: https://stripe.com/docs/elements
The PCI compliance requirements of the Stripe.js implementation method have recently been increased, requiring the completion of an SAQ A-EP evaluation and increasing the costs of compliance. Switching to an Elements implementation would restore back to the simplest Pre-filled SAQ A form: https://stripe.com/docs/security
In addition Stripe have stated that the Stripe.js implementation is depreciated, however no cessation date has been set: https://stripe.com/docs/stripe.js/v2
I like this idea
Hi all,
Thanks for your votes and comments. My main takeaway from this discussion is that the ability to process credit cards via Stripe and make charges at-will - whilst maintaining the easiest Pre-filled SAQ A compliance burden - is your main priority.
Stripe offers two solutions which are marketed to address the desires of this feature request. At this time we are reviewing both to see how well they meet these desires and judging the practicality of implementation.
+1 on this. This would also make it unnecessary to implement descriptive errors from this idea:
https://requests.whmcs.com/topic/display-stripe-errors-to-clients
Stripe are now asking me to complete a PCI Compliance audit as WMCS is using old Stripe API.
"Upgrade your integration for easier PCI compliance
We strongly recommend that you migrate your checkout flow to Stripe Elements, Checkout, one of our mobile libraries, or one of our partner platforms in order to minimize your PCI scope. If you upgrade, Stripe pre-fills your PCI documentation for you. With your current setup, you'll need to provide your own documentation in the next step."
Hey Richard,
WHMCS utilises the Checkout method currently that you linked to here - this is implemented in the Client and Admin area when using Stripe. The Stripe API is only used when updating the client details, and if card details are already stored in your WHMCS installation (perhaps from a previously used module).
We are investigating currently migrating to the Elements method.
Andrew
Thanks for the speedy reply Andrew.
Thank you for the update @Andrew. We too are looking forward (with great anticipation) to the Stripe Elements implementation.
+1 for this
And might be handy if this could be included into the module https://requests.whmcs.com/topic/stripe-options
+1 for Stripe Elements.
This would simplify a lot the PCI compliance process.
+1. I hope you can launch this as soon as possible as I'm in the same situation and Stripe says that it doesn't appear we're using Checkout.
+1 this will be a massive help with PCI Compliance commitments
+1 It would be useful because Stripe is now asking the SEQ-A form for PCI compliance.
+1, stripe is asking for SEQ-A..
+1 need Stripe Elements..
+1 - Definitely needed!
+1, Stripe are asking us for SEQ-A questionnaire now.
I switched from a 3rd party Stripe module for WHMCS in favour of the Stripe module supplied directly by WHMCS believe it would be better supported. I am now regretting that move!
Seriously, payment methods should be priority over other small features! Come on WHMCS Team, we know you can do this :). Everyone who uses Stripe is affected by this and we need a resolution/update asap :).
This is a badly need improvement.
WHMCS is a billing management software and Stripe is one of the most popular online payment processors. I'm sure many many companies rely on them now face the dreaded SEQ A-EP. Please make this integration a TOP level priority.
+1 Stripe are advising users to upgrade asap as stripe.js has been deprecated.
+1 This will be a non-starter for WHMCS and Stripe if this is not implemented correctly.
+1 - This is esential!
+1 We need this!
This is a must. I just finished talking to Stripe about this yesterday and they said they had not heard from WHMCS regarding this.
Need this, second time for me they are asking.
I can't believe nothing has been done since this was reported 11 months ago.
I've now reverted back to the previous Stripe add-on I was using https://mostripe.com/whmcs/checkout/
Stripe are now happy with compliance again.
I can't do recurring billing but that's not such an issue as we encourage Direct Debit payments for regular payments anyhow.
Thank you, Neil, for the link. I'll keep it in case I receive a Stripe notification about this.
I am highly disappointed with WHMCS's behavior about this, even though I really like using WHMCS.
They don't seem to realize that payment gateways are more important than other small features.
I use WHMCS, WooCommerce, aMember, Ozcart, and the last 3 always update their payment gateways. In fact, I've seen lots for various payment gateways in the last months, lots.
+1 Need this, we have changed to Mostripe module now.
We pushed this very hard through a support ticket and initially an attempt was made several times (as usual) to fob us off with the standard "it is a feature request, so open one on this portal". When told there was already one, was then told to open a thread on the community forums to which they were told that this also already existed - both of which had been around for a very long time with a reasonable amount of support. Wouldnt hold your breathe people !
Thanks havenswift-hosting for the update. We can deal with all the other feature requests being pushed behind, but if we cannot get paid properly because of this, our business cannot continue.
This is necessary in my opinion - I cannot continue to do business with some of our customers without it.
Hi all,
Thanks for your votes and comments. My main takeaway from this discussion is that the ability to process credit cards via Stripe and make charges at-will - whilst maintaining the easiest Pre-filled SAQ A compliance burden - is your main priority.
Stripe offers two solutions which are marketed to address the desires of this feature request. At this time we are reviewing both to see how well they meet these desires and judging the practicality of implementation.
Thanks for your feedback thus far, it’s helpful to distil the main aim of the change being discussed here. I can also address some of the other points raised.
I appreciate the interest in the other features that Stripe provides, we can consider these on their own merits. Please add your votes to these specific requests or open new ones as appropriate:
I feel it is important to note that work is already well underway and approaching completion on our next feature release. Therefore any changes to the Stripe integration can be expected, not in the immediate upcoming release, but likely in the next release following that. In the meantime, there are 3rd party solutions available via the WHMCS Marketplace or there are alternative gateways such as Authorize.net/EVO Accept.js Payments that do not have as strict SAQ requirements.
Thank you WHMCS John, I would like to add that it is not that Stripe imposes stricter requirements on their merchants than others, it is a requirement of PCI Compliance; in order to maintain PCI compliance at the easiest level a PCI DSS-A form is required which is only available to merchants if they use Hosted Checkout, which is what is talked about here by Steve West and others.
The purpose of Hosted Checkout is to avoid the storage of customer card data in part or whole on our respective WHMCS environments, in order to achieve a greater level of security but also for those requiring certain compliance rates (like PCI) to achieve them without hours an hours paperwork and audits that cost tens of thousands of dollars.
Thanks Kris, that was our understanding too. I've clarified the wording in my message above.
Hello @WHMCS John,
Thank you for you work on this case. I'd also like to suggest to add the 3D Secure feature which is very important for hosters to avoid payment opposition :
https://requests.whmcs.com/topic/stripe-3d-secure
This feature has been added by Stripe over one year ago and we don't have any news from WHMCS about that.
Regards,
Has any progress been made on this? This is really an essential feature for those of us who use Stripe.
I also just got a notice inside the Stripe dashboard regarding SAQ -A form.
Comments have been locked on this page!