Jump to content
  • 0

Auto-charging of stored cards?

chrisbfinternet

Asked by chrisbfinternet,

 Share

Question

chrisbfinternet Junior Member

chrisbfinternet

Posted
Posted

Hi there,

 

I'm looking to automate the billing process for renewals for our hosting clients. The manual process of print invoice, chase invoice, cash cheque etc. is too inefficient with a large customer base.

 

WHMCS seems to be the solution, but I can't find for definite if it's possible to auto-charge the card stored against a customer account at renewal / invoice due. The demo seems to require manual input for the CV2 when using a stored card (which I think is required for PCI compliance?) but the documentation refers to the being some automation options. This post hints that auto-charging may be possible.

 

Can we auto-charge all hosting clients at renewal, and nag clients who don't have any valid card details stored?

 

The payment gateway would be SagePay / Protx, although this could change if absolutely necessary.

 

Thanks,

Chris

0
Link to comment
Share on other sites

12 answers to this question

Recommended Posts

  • 0
chrisbfinternet Junior Member

chrisbfinternet

Posted
  • Author
Posted

Hi guys,

 

That's brilliant news! Would the SagePay integration require 'form' or 'direct' integration (direct needing SSL & PCI compliance complications)?

 

If PCI compliance is required for SagePay, are there any of the supported merchant gateways that don't, meaning the implementation of WHMCS would be simpler?

 

Thanks,

Chris

0
Link to comment
Share on other sites
  • 0
laszlof Senior Member

laszlof

Posted
Posted

I'm not sure what the difference is between "Form" and "Direct" integration. PCI Compliance is up to you to handle, WHMCS itself should be compliant but there is a lot more to it than just the web frontend when it comes to storing credit cards.

 

Since there is no whmcs module for sagepay, I would suggest using one of the already supported payment gateways unless you want to code (or pay someone to code) your own module for it.

0
Link to comment
Share on other sites
  • 0
chrisbfinternet Junior Member

chrisbfinternet

Posted
  • Author
Posted

Hi there,

 

Thanks for taking the time to reply. SagePay is the new name for Protx so the existing module should work.

 

SagePay form (Protx 'vsp form' as it was) involves passing the customer through to a page hosted on SagePay's server for payment, negating the need for any PCI compliance. All the processing is done away from WHMCS (which never sees any card details, just the status of payment successful/failed at the end).

 

SagePay direct means the customer will stay within the same website (i.e. the WHMCS installation) throughout the whole payment process, so an SSL will be required and maybe PCI compliance adhered to if details are stored on the server.

 

Does that help with the question?

 

Thanks,

Chris

0
Link to comment
Share on other sites
  • 0
scurrell Senior Member

scurrell

Posted
Posted

Last one ;) Are there any modules you know of that support recurring auto-charging without the need for an SSL?

 

If you're not worried about protecting your customers information, then perhaps you shouldn't be in the hosting business.

 

Especially for the sake of $10 a year.....

 

 

PS. SagePay works fine.

0
Link to comment
Share on other sites
  • 0
chrisbfinternet Junior Member

chrisbfinternet

Posted
  • Author
Posted
If you're not worried about protecting your customers information, then perhaps you shouldn't be in the hosting business. Especially for the sake of $10 a year.....

 

That's not quite what I said - If there's a payment provider that can process payments on their server (as SagePay form does) then we are protecting our customers information in a better way, without getting caught up in PCI/ SSL etc. ourselves.

 

The cost of an SSL isn't the issue, it's just that the option of us storing the card details is the least desirable of the two.

0
Link to comment
Share on other sites
  • 0
chrisbfinternet Junior Member

chrisbfinternet

Posted
  • Author
Posted

Hi guys,

 

for future reference for people searching, I'd like to update this thread with a couple of links after digging around, specifically about SagePay:

 

In this thread regarding Quantum Gateway titled "Worried about the risks of storing credit cards and PCI Compliance" (which summarises our position, as we'd rather not store them if we don't have to) it mentions that SagePay also offers the facility to store credit card details, external to the WHMCS installation:

 

this new Vault Solution from Quantum Gateway enables you to accept credit cards while completely avoiding the hassles of PCI compliance

 

We will therefore be releasing modules for SagePay in due course to take advantage of these external storage solutions

 

 

 

Additionally, SagePay supports 'Continuous Authority transactions' (otherwise known as Recurring Billing) which is better than storing the card details:

 

Continuous Authority transactions do not require a CV2 value or expiry date. The initial regular transaction, once verified, will be a trusted card and so subsequent repeats of this transaction will not need to have the data passed again. If the card expires, as long as the card number has not changed, it can still be processed.

 

And from here:

The amount of the initial transaction has no relevance, as you can repeat for any amount below / above the previous PAYMENT/REPEAT. With regards to any cards that expire, as long as the card number has not changed, it can still be processed.

 

Using SagePay for Continuous Authority Payments does require a Continuous Authority Internet Merchant number from your Acquiring bank however. Continuous Authority does indeed work with VSP Form, Server and Direct methods of integrating with SagePay.

 

As repeat & Continuous Authority Payments are supported by VSP form (using a gateway page hosted by SagePay) there will be no need for us to use WHMCS to store credit card details.

 

That sounds perfect! I'll be contacting the WHMCS support team to find out more today, hopefully the WHMCS will support Continuous Authority Payments. If not, we'll have to write one!

 

Even if you're not processing the card details on your website, I'd still recommend an SSL certificate to encrypt the other client data while it's being transmitted; name, address, telephone number etc.

 

Thanks John - that's definitely a good idea. Our developer informed me that we have an SSL already as it happens (which I didn't know about), so we'll definitely be making the most of that!

0
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Answer this question...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to question listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use & Guidelines and understand your posts will initially be pre-moderated

  I accept