Changing credit card details and the CVV

[Blueberry3.14]

This *seems* like the correct forum for my query, since it does indirectly involve WHMCS. Mostly I'm just wondering how others handle this issue, and I'm surprised it hasn't been brought up before. And yet, I've used WHMCS for 3 years now, and only recently this dawned on me! (If it has and my search-fu missed it, I apologize.)

 

I sell hosting, domains and design/website maintenance services, and use WHMCS for all billing, ordering and client management. When a client first signs up, they typically (but not always) sign up and have an initial invoice ready in which to input their CC's CVV.

 

I say "not always", because I do have some clients who will register as a client (for maintenance), and not be invoiced until after I've done the work.

 

The problem lies in when a client changes their credit card mid-cycle. There is no place for the client to input the CVV, and rightly so, as it would need to be stored "somewhere" until the next invoice is run.

 

So what am I missing here, how do the rest of you handle this?

 

I know in Matt's/WHMCS's own Client Area, the only way *I* can change my businesses credit info with him/them is when there's an open invoice and I want to pay it right them. Now I know WHY he set it that way! And though this isn't meant as a criticism of WHMCS or Matt, I'm wondering why it wasn't set that way in all of WHMCS.

 

I asked Matt about the issue, and he said I could modify the credit card details tpl to not allow clients to change their credit card info, and instruct them to do this in an open invoice. I have no problem doing that, it just seems like there should be another way, by default.

 

I know as a consumer, whenever I change my credit card info online, a good portion of the time I'm asked for the CVV even though there is no pending transaction. I swear, this PITA is making just using PayPal to run all credit cards through look good, and I *hate* PayPal...

 

So again, I'm just asking how everyone else deals with this issue. I think (unless there's a better way), I'm going to modify the templates and instruct clients to change their credit card info on the next invoice (and explain why).

 

I have WHMCS set to create invoices 10 days prior to the due date. I may need to up that to 15 or 20 days, to give more of an open window for payment changes to happen. I've been in business 7 years, and NEVER had so much trouble getting paid as I have the last year. But I'm sure I'm not alone in that, and I am grateful to still be in business.

[moonsoft]

I would have to agree with you, if someones card is about to expire there should be a place to update the info and the cvv code, i know that LAW dictates merchants cannot store CVV data, and I understand this, but isn't there a way that WHMCS could only use this information ONCE and the set something up to delete it?

 

Just curious. I'm migrating from Modernbill V5 right now.....

[Blueberry3.14]

I would have to agree with you, if someones card is about to expire there should be a place to update the info and the cvv code, i know that LAW dictates merchants cannot store CVV data, and I understand this, but isn't there a way that WHMCS could only use this information ONCE and the set something up to delete it?

 

Just curious. I'm migrating from Modernbill V5 right now.....

 

I plan to edit the template and disable clients being able to change CC details, except in an open invoice when they are paying right then. I'm also thinking this should be a feature request from WHMCS.

 

I'm putting a blurb in with instructions for my clients, if they need a reminder from us and/or need an invoice to be issued early.

[scurrell]

I know that LAW dictates merchants cannot store CVV data, and I understand this, but isn't there a way that WHMCS could only use this information ONCE and the set something up to delete it?

 

But until there's an open invoice so the CVV is required, it would HAVE to be stored, so would therefore be breaking the law. Can't be done.

[Blueberry3.14]

But until there's an open invoice so the CVV is required, it would HAVE to be stored, so would therefore be breaking the law. Can't be done.

 

Agreed. Only way around this legally, to bypass WHMCS and input the new information by hand into your gateway's interface (because they *can* legally store it), would be a waste of time/resources and a massive PITA.

[bear]

by hand into your gateway's interface (because they *can* legally store it), would be a waste of time/resources and a massive PITA.

Actually, no, they can't. They use it to authorize the first charge when it's submitted and then discard it, assuming it won't change until the card does. No one is allowed to store those beyond long enough to capture the order and process it.

[Blueberry3.14]

Actually, no, they can't. They use it to authorize the first charge when it's submitted and then discard it, assuming it won't change until the card does. No one is allowed to store those beyond long enough to capture the order and process it.

 

I stand corrected.

 

What I'd meant to say is that the CVV can be manually entered each time, which is what the merchant account support tech suggested, but also acknowledged this defeats the purpose of having software that does recurring billing.