New Topic

WHMCS Feature Requests Topic Idea Payment Gateways

Migrate to Stripe Elements Implementation

Brent Hartzell shared this idea 10 months ago

Investigating

Stripe have implemented a new integration method which supersedes the current Stripe.js method. The new integration is called "Elements" and is based upon hosted input methods.

A new module should be created (or the existing module re-written) to support this new implementation method.

Details are located here: https://stripe.com/docs/elements

The PCI compliance requirements of the Stripe.js implementation method have recently been increased, requiring the completion of an SAQ A-EP evaluation and increasing the costs of compliance. Switching to an Elements implementation would restore back to the simplest Pre-filled SAQ A form: https://stripe.com/docs/security

In addition Stripe have stated that the Stripe.js implementation is depreciated, however no cessation date has been set: https://stripe.com/docs/stripe.js/v2

I like this idea 0

Comments (14)

v1ktor ● 9 months ago

+1 on this. This would also make it unnecessary to implement descriptive errors from this idea:

https://requests.whmcs.com/topic/display-stripe-errors-to-clients

Reply URL

Richard Leishman ● 3 months ago

Stripe are now asking me to complete a PCI Compliance audit as WMCS is using old Stripe API.

"Upgrade your integration for easier PCI compliance

We strongly recommend that you migrate your checkout flow to Stripe Elements, Checkout, one of our mobile libraries, or one of our partner platforms in order to minimize your PCI scope. If you upgrade, Stripe pre-fills your PCI documentation for you. With your current setup, you'll need to provide your own documentation in the next step."

Reply URL

WHMCS Andrew ● 3 months ago

Hey Richard,

WHMCS utilises the Checkout method currently that you linked to here - this is implemented in the Client and Admin area when using Stripe. The Stripe API is only used when updating the client details, and if card details are already stored in your WHMCS installation (perhaps from a previously used module).

We are investigating currently migrating to the Elements method.

Andrew

Reply URL

grassroots ● 2 months ago

Could you explain this further? My WHMCS does not use checkout. Checkout generates a Stripe Payments pop-up to enter the card data. My WHMCS stripe integration places credit card fields on the checkout page directly. This is the Stripe.js integration which is depreciated and no longer automatically PCI compliant.

URL

Richard Leishman ● 3 months ago

Thanks for the speedy reply Andrew.

Reply URL

AnnoStephen ● 3 months ago

Thank you for the update @Andrew. We too are looking forward (with great anticipation) to the Stripe Elements implementation.

Reply URL

Vincent S ● 2 months ago

+1 for this

And might be handy if this could be included into the module https://requests.whmcs.com/topic/stripe-options

Reply URL

Sebastien ● 2 months ago

+1 for Stripe Elements.

This would simplify a lot the PCI compliance process.

Reply URL

Ozcart Ecommerce ● 2 months ago

+1. I hope you can launch this as soon as possible as I'm in the same situation and Stripe says that it doesn't appear we're using Checkout.

Reply URL

tomashworth ● 1 month ago

+1 this will be a massive help with PCI Compliance commitments

Reply URL

Mathieu REHO ● 1 month ago

+1 It would be useful because Stripe is now asking the SEQ-A form for PCI compliance.

Reply URL

Show All

Kjetil Pedersen ● 1 month ago

+1, stripe is asking for SEQ-A..

Reply URL

Kjetil Pedersen ● 1 month ago

+1 need Stripe Elements..

Reply URL

petem ● 3 weeks ago

+1 - Definitely needed!

Reply URL