Stripe module problems v7.3.0

[mustardman]

I just updated from v6 and from serverping 3rd party Stripe module.

I made sure that all the 3rd party stripe files were deleted including the custom template files and replaced by six and standard_cart template files.  

So far existing customers do not appear to be affected.  This is only for new customers and credit card changes since the update. 

First problem is that credit cards are stored locally.  I read in the stripe documentation that cards are stored locally until after a purchase is made.  After that it creates the customer and token on Stripe and saves that token info locally.  That works as expected.  However, it is also supposed to delete the full credit card number stored locally but it does not appear to do that.  I know because in admin area "Credit Card Information" it has an additional field for entering the CC hash.  If I enter the CC Hash number I get the full credit card number.

Second problem probably related to first.  If I check "Disable Credit Card Storage" in admin area then nothing credit card related works in admin or client area.  I cannot add/change/delete cards from admin area.  The "Manage Credit Card" link in the client area disappears.  I cannot browse to it even if I use the direct link "/clientarea.php?event=creditcard"

I found this troubleshooting guide (about 3/4 of the way down) by searching for another error I had only in admin area ("No Stripe Details Found for Update") and went through all those things. 
https://docs.whmcs.com/Stripe

There are definitely no remaining 3rd party stripe files, templates or changes anywhere.  I can get around that error by enter credit card in client area so that error only happens in admin area and no I do not have any admin area customizations.

Edited October 11, 2017 by mustardman

[Chris74]

This is worrying. I'm soon to be upgrading WHMCS and I really need Stripe to work. It's also a great concern that card details are being stored. I was under the impression that this was tokenised and only the last four digits were stored.

With the new EU GDPR legislation, is is vitally important that businesses have an effective data protection policy and practices in place and it seems WHMCS is woefully inadequate when it comes to this area. This new legislation comes into force in six months time, so if this software is still not compliant, it will make any business using WHMCS in breach.

https://ico.org.uk/for-organisations/data-protection-reform/overview-of-the-gdpr/

The last time I looked at this a few months ago, it seemed that if you upgrade WHMCS to version 7, the old stripe module doesn't work, so you have to remove it - but the new integrated module will only work with the default templates and has several problems that need to be addressed. So this makes it currently impossible for us to upgrade because we rely totally on Stripe to run our business.

It's really disappointing that WHMCS haven't focussed their attention on this issue and have not come up with a solution.

[WHMCS Andrew]

 

11 hours ago, mustardman said:

First problem is that credit cards are stored locally

Card details are absolutely not stored when using the Stripe module - if the card details were already stored in WHMCS, then they would continue to be until the next payment. But, when checking out as a client and entering new details, WHMCS does not receive any card details, and the details are sent straight to Stripe. If you are getting card details stored, then you would appear to have some misconfiguration somewhere, perhaps with a custom template. You can tell if the card input form (admin or client area) is working correctly if you do not see a card type. If you see a card type field, then Stripe is not the selected gateway. For a new client in the admin area, their payment method (until an order has been added) will be the first payment gateway in the list in Setup -> Payments -> Payment Gateways. You can also override this on the profile tab using the Default Gateway option.

 

11 hours ago, mustardman said:

If I check "Disable Credit Card Storage" in admin area then nothing credit card related works in admin or client area.

As the Stripe module is still a CC gateway, you cannot disable CC storage as WHMCS still needs to store some data (like the gateway id, card last 4 and card expiry).

 

If you are continuing to have issues in the admin area, I would suggest opening a ticket so our Support Team can take a look for you and advise.

[mustardman]

Thanks for the reply.   I do see card type in admin and client area when the client payment method is set to PayPal.  It goes away when client payment method is switched to Stripe or default (Stripe).  Would this be considered a bug?  

To reproduce on v7.3.0.  Set up Stripe and PayPal payment gateways with Stripe as default (at the top).  Setup a test client with no credit card saved and go to Profile > Payment Method and set it to PayPal.  Now if you try save a credit card to that client in admin or client area it will have "Card Type" option. In admin area it fails and Gateway Transaction Log has stripe gateway data "No Stripe Details Found for Update".  If you try do the same thing in client area it successfully saves the credit card locally.  No gateway transaction log.  Now view it in admin area and you see the option to enter CC Hash to view entire card number.  

I tested the same thing on a v6.3.2 system that uses the serverping stripe module and it works the way I would expect it to work.  It always saves credit card info to Stripe even if I set client profile default payment method to Paypal.  I updated that database to WHMCS v7.3.0 on a different server.  So the settings are all the same.  The only changed are the WHMCS version and switching from 3rd party to internal Stripe module.  This is definitely not a template issue because it happens in admin area and there are no custom templates being used there.

The  requirement to not "Disable Credit Card Storage" was adding to the confusion.  It is not explained anywhere in the documentation that I could find and if you google around you will find discussions/solutions involving checking that feature, including in this forum.  I think if you specify that it must NOT be checked that may help others.

Edited October 12, 2017 by mustardman

[mustardman]

I think there is another problem that results from the first explained above.  Now that the full CC number is stored locally, if you switch the client payment method back from PayPal to Stripe and run a transaction, it then saves the Stripe token locally and remotely on Stripe.  However, the full CC number is still stored locally.  Now if you switch back to PayPal and delete the credit card locally, the token is still stored locally and remotely on Stripe.  Now switch back to Stripe and I believe you can still run a transaction using the card which is still stored on Stripe.  Probably an unlikely scenario but I don't think this should be possible in the first place.  

Edited October 12, 2017 by mustardman

[WHMCS John]

Hi,

We made some refinements to tokanisation gateway credit card detail  handling in v.7.3, so you will find that the "Manage Credit Card" option is no longer displayed in the client area in this situation. Therefore the client does not have the option to enter card details and have them stored locally.

Instead they will be required to follow the designed workflow to create a new remote storage token; by paying an invoice. Paying the invoice will create the remote token, store the token in WHMCS, and then activate the credit card management page in the client area.

[BlackhawkMSP]

I'm using the latest 7.9x and I'm getting "

• Remote Transaction Failure. Please Contact Support.

 

UserID => 4
message => An unexpected error - No Stripe Payment Method found from token
token => 

 

Remote Storage Error.

[bulge4024]

message => An unexpected error - No Stripe Payment Method found from token

 

Same error message, only for new customers or entering new card details. 

I see this is a common bug for many, yet I have been unable to find a solution.

 

[zalcig]

I started to have this issue after upgrading to 8.1.  Its ok with existing subscriptions, new orders or with adding new cards it doesnt work getting this error message.