Jump to content

Clients can't update their credit card information


bimag

Recommended Posts

Hi,

One of my clients contacted me because they can't find a way to update their payment details through WHMCS.

I am using Stripe

I have "Disable credit card storage" in the Security settings unchecked. 

 

When I log in as a client and go to the My Account section there is no options to update credit card. 

 

Is there something that I am missing?

 

Link to comment
Share on other sites

  • 1 month later...

Have you found a solution for this? I'm experiencing the same thing (although I do have "disable credit card storage" checked). But while logged in as the client I can't even access /clientarea.php?action=creditcard, and there is no menu item under Billing for managing credit card info (WHMCS 7.1.1). 

 

Link to comment
Share on other sites

When using the built-in Stripe gateway, wouldn't disabling the "Disable cc storage" feature still store the actual credit card info? I do not want to store credit card info.

What I mean about not being able to access that page is that if I enter the URL it redirects to the main client area page (when logged in as a client), and there is no menu option for managing credit card info anywhere. I did a test payment through Stripe (logged in as a fake client that I set up), for which you add a random expiration date, so I chose a date only about two weeks in the future. The test payment worked fine as far as I can tell and the invoice was automatically marked as Paid. I'm now getting a notification in the Client Aria saying that my credit card info is about to expire (so it clearly stored something even with the "Disable cc storage" box checked), but when I click on the notification, again it redirects to the main page. Basically everything seems to have worked but there's no way available in the client area to manage credit card info.

Link to comment
Share on other sites

The module saves the last 4 digits of the card and the expiration date but not the full card number.   Stripe returns the last 4 and the expiration via API and per their docs anything returned by API is in PCI compliance.   WHMCS uses the expiration date for at least sending out the expired card notice.   If you don't want any card info saved, then you would need to do your own module. 

Link to comment
Share on other sites

Well that seems like a bug then. Having "Disable CC storage" checked prevents the client from being able to modify or delete the credit card info, but if the expiration date is coming up then the client still gets a notification saying "please update your credit card info." If the client can't change the credit card info stored on Stripe from their WHMCS client area unless I store the full credit card info (which I definitely don't want to do), then there should be no notification, and it should just say "Expired" during checkout where it asks whether they'd like to use the card on file.

Link to comment
Share on other sites

I just changed my dev install to use the built-in stripe and checked "Disable CC Storage" .   The Stripe module appears to not require that on as previously thought as had been experienced with another similar module that uses tokens.  As such, you can use that option -- noting it will remove any stored card information which appears to be the case.  However, it did not remove the tokens of Stripe and just their information.  Upon re-entering the card info it does store the last 4 and expiration date, which again from what I understand is fine for PCI.   However, I did notice that the cardnum field gets content when previously it was empty according to phpmyadmin.  I did not take time to see if the full card was there.  That may indeed then be a bug of both the disable cc storage and of the module storing the full CC when a token is used. 

This is yet another reason why WHMCS needs to change to Stripe Elements as WHMCS will never get the full CC number.   As a result, even bugs within WHMCS would not allow full card number storage unless they purposely tracked keystrokes or something else to get it via javascript if even possible. 

Link to comment
Share on other sites

Thanks for checking that out. Perhaps I'll have to report it as a bug. In the meantime it sounds like the customer cannot manage their CC info on Stripe unless "Disable CC storage" is un-checked, which I don't want to do if it would store the full CC info. That's fine, but I'll have to figure out how to change the "Update expiration" notification, since in that case, the client has no access to edit the expiration.

Thanks for your help.

Link to comment
Share on other sites

I am not sure what you mean by they can not manage their card info?   I was able to enter the test card on the manage credit card page as well as delete the card info, which deletes the card and closes the client at Stripe.   If you are seeing something different, that please describe it further. 

Link to comment
Share on other sites

I meant that they can't manage their card info unless "Disable CC storage" is un-checked. I'm not interested in storing the full CC info so I'd rather leave it checked, and if that means that the client can't delete or change their CC info, that's fine for now (although it would be nice if they could still at least delete it).

The bug is that if the expiration date is coming up on a card they've used before, they still get a notification telling them they need to update their credit card, which they don't have access to do. So if "Disable CC storage" is checked, they should not receive that notification and instead the card should simply not be available for re-use in checkout.

Link to comment
Share on other sites

But - if it doesn't store the full CC info with the Stripe module when "Disable CC storage" is un-checked, then none of this really matters and I'll just un-check it. That would be the ideal situation anyway. I just don't want to have to worry about storing the CC info, that's all. Although if that's the case then some kind of notice in the Stripe module saying that CC info isn't stored locally regardless of whether the "Disable CC storage" option is checked would be helpful.

Link to comment
Share on other sites

Perhaps I wasn't clear, but I was able to change the card info via the client area with or without disable CC storage on or off.  It did not matter what the setting was, either one allowed to edit via the manage card page.   And on checkout page, I was able to use the " Enter New Card Information Below" radio button which showed the form to update.   So again, if you are not seeing that then it is perhaps something with your template .  If you're using a custom template, change to "six" (default) and see if the fields work then.  

With that said, do note that Stripe requires the full PCI compliance report instead of their pre-filled one when using the built-in Stripe module. 

Link to comment
Share on other sites

Interesting, I can only access the CC manage page when "Disable CC storage" is un-checked. When "Disable CC storage" is checked it redirects to the main page and is no longer available in the menu. I'll try switching the theme.

I have gotten PCI certified, but I still do not want to store CC info, so I'll do some tests and see what happens.

Thanks for your help.

Link to comment
Share on other sites

Just double checked and the only differences between my template and the latest Six template are the custom styles that I put in, none of which should be affecting this feature. So it seems the template isn't the issue and in 7.7.1, it just fully removes access to the CC manage page when "Disable CC storage" is checked. Unfortunate.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use & Guidelines and understand your posts will initially be pre-moderated