macisbac Posted November 21, 2016 Share Posted November 21, 2016 Which Self Assessment questionnaire (SAQ) should be used where the billing system is WHMCS using Stripe Checkout/js to process card payments? Referring to this: https://www.hackerguardian.com/pci-saq.html I am unsure if it's A or A-EP I think it's A-EP but would like to know what SAQ other WHMCS/Stripe users completed. Cheers Mac 0 Quote Link to comment Share on other sites More sharing options...
WHMCS ChrisD Posted November 21, 2016 Share Posted November 21, 2016 Hey Mac, Although we cant provider an official answer you would be looking at A based of the descriptions PCI Compliance, with the Stripe module that we are launching with 7.1 the Card Details don't ever go thru WHMCS 0 Quote Link to comment Share on other sites More sharing options...
macisbac Posted November 21, 2016 Author Share Posted November 21, 2016 Thanks Chris, I appreciate you can't give an official response. My main confusion with whether it's A or A-EP is when going through the wizard to establish which questionnaire is applicable. To get to A you would have had to select option that says payment option is fully outsourced, which doesn't sound right when the customer is on our site. For the A Questionnaire, there is this line: "All elements of all payment pages delivered to the consumer’s browser originate only and directly from a PCI DSS validated third - party service provider(s)." How does the WHMCS/Stripe solution fit with that line considering that the the customer sees the WHMCS checkout page with Stripe pop up window? 0 Quote Link to comment Share on other sites More sharing options...
WHMCS ChrisD Posted November 21, 2016 Share Posted November 21, 2016 Hi Macisbac, Stripe provide a API that ensures your clients credit card details do not touch the WHMCS server. I've included an extract from http://docs.whmcs.com/Stripe below. Payment Workflow Automated recurring and on-demand billing is supported. When making a payment, customers are able to select to use a previously stored card or enter a new one. Customers can update their credit card at any time from the client area. Admin level users with the necessary permissions can also perform card updates from the admin area. Customers never leave your WHMCS installation during checkout or updating their card. Personal card information is submitted directly to Stripe and is never stored in your local WHMCS installation. The Stripe API is used for refunds and obtaining transaction information. The stripe.js library is used for payments and card updates. 0 Quote Link to comment Share on other sites More sharing options...
macisbac Posted November 21, 2016 Author Share Posted November 21, 2016 Thanks for confirming Chris 0 Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.