Stripe have implemented a new integration method which supersedes the current Stripe.js method. The new integration is called "Elements" and is based upon hosted input methods.
A new module should be created (or the existing module re-written) to support this new implementation method.
Details are located here: https://stripe.com/docs/elements
The PCI compliance requirements of the Stripe.js implementation method have recently been increased, requiring the completion of an SAQ A-EP evaluation and increasing the costs of compliance. Switching to an Elements implementation would restore back to the simplest Pre-filled SAQ A form: https://stripe.com/docs/security
In addition Stripe have stated that the Stripe.js implementation is depreciated, however no cessation date has been set: https://stripe.com/docs/stripe.js/v2
I like this idea
+1 on this. This would also make it unnecessary to implement descriptive errors from this idea:
https://requests.whmcs.com/topic/display-stripe-errors-to-clients
Stripe are now asking me to complete a PCI Compliance audit as WMCS is using old Stripe API.
"Upgrade your integration for easier PCI compliance
We strongly recommend that you migrate your checkout flow to Stripe Elements, Checkout, one of our mobile libraries, or one of our partner platforms in order to minimize your PCI scope. If you upgrade, Stripe pre-fills your PCI documentation for you. With your current setup, you'll need to provide your own documentation in the next step."
Hey Richard,
WHMCS utilises the Checkout method currently that you linked to here - this is implemented in the Client and Admin area when using Stripe. The Stripe API is only used when updating the client details, and if card details are already stored in your WHMCS installation (perhaps from a previously used module).
We are investigating currently migrating to the Elements method.
Andrew
Thanks for the speedy reply Andrew.
Comments have been locked on this page!