Auto-charging of stored cards?

**chrisbfinternet** · 08-10-10, 12:17 PM

Hi there,

I'm looking to automate the billing process for renewals for our hosting clients. The manual process of print invoice, chase invoice, cash cheque etc. is too inefficient with a large customer base.

WHMCS seems to be the solution, but I can't find for definite if it's possible to auto-charge the card stored against a customer account at renewal / invoice due. The demo seems to require manual input for the CV2 when using a stored card (which I think is required for PCI compliance?) but the documentation refers to the being some automation options. This post hints that auto-charging may be possible.

Can we auto-charge all hosting clients at renewal, and nag clients who don't have any valid card details stored?

The payment gateway would be SagePay / Protx, although this could change if absolutely necessary.

Thanks,
Chris

**laszlof** · 08-10-10, 01:06 PM

Yes, WHMCS supports automatic billing on most (all?) payment gateways.

http://www.whmcs.com/fullfeatures.php

**John** · 08-10-10, 01:16 PM

Automatic credit card charging is possible with our supported merchant gateways: http://wiki.whmcs.com/Payment_Gateways

**chrisbfinternet** · 08-10-10, 02:24 PM

Hi guys,

That's brilliant news! Would the SagePay integration require 'form' or 'direct' integration (direct needing SSL & PCI compliance complications)?

If PCI compliance is required for SagePay, are there any of the supported merchant gateways that don't, meaning the implementation of WHMCS would be simpler?

Thanks,
Chris

**laszlof** · 08-10-10, 02:30 PM

I'm not sure what the difference is between "Form" and "Direct" integration. PCI Compliance is up to you to handle, WHMCS itself should be compliant but there is a lot more to it than just the web frontend when it comes to storing credit cards.

Since there is no whmcs module for sagepay, I would suggest using one of the already supported payment gateways unless you want to code (or pay someone to code) your own module for it.

**chrisbfinternet** · 08-10-10, 02:37 PM

Hi there,

Thanks for taking the time to reply. SagePay is the new name for Protx so the existing module should work.

SagePay form (Protx 'vsp form' as it was) involves passing the customer through to a page hosted on SagePay's server for payment, negating the need for any PCI compliance. All the processing is done away from WHMCS (which never sees any card details, just the status of payment successful/failed at the end).

SagePay direct means the customer will stay within the same website (i.e. the WHMCS installation) throughout the whole payment process, so an SSL will be required and maybe PCI compliance adhered to if details are stored on the server.

Does that help with the question?

Thanks,
Chris

**laszlof** · 08-10-10, 02:41 PM

I would imagine that the module uses the direct method, but you may want to open a ticket and ask specifically about it.

**chrisbfinternet** · 08-10-10, 02:46 PM

Thanks for your help Frank, my colleague did try a ticket but didn't really get the answer to the question. I shall try again to confirm 100% before we purchase.

Last one

Are there any modules you know of that support recurring auto-charging without the need for an SSL?

Thanks again,
Chris

**scurrell** · 08-10-10, 03:40 PM

Originally Posted by chrisbfinternet

Last one

Are there any modules you know of that support recurring auto-charging without the need for an SSL?

If you're not worried about protecting your customers information, then perhaps you shouldn't be in the hosting business.

Especially for the sake of $10 a year.....

PS. SagePay works fine.

**chrisbfinternet** · 08-10-10, 03:47 PM

Originally Posted by scurrell

If you're not worried about protecting your customers information, then perhaps you shouldn't be in the hosting business. Especially for the sake of $10 a year.....

That's not quite what I said - If there's a payment provider that can process payments on their server (as SagePay form does) then we are protecting our customers information in a better way, without getting caught up in PCI/ SSL etc. ourselves.

The cost of an SSL isn't the issue, it's just that the option of us storing the card details is the least desirable of the two.

**John** · 08-10-10, 05:39 PM

Even if you're not processing the card details on your website, I'd still recommend an SSL certificate to encrypt the other client data while it's being transmitted; name, address, telephone number etc.

**chrisbfinternet** · 08-11-10, 08:25 AM

Hi guys,

for future reference for people searching, I'd like to update this thread with a couple of links after digging around, specifically about SagePay:

In this thread regarding Quantum Gateway titled "Worried about the risks of storing credit cards and PCI Compliance" (which summarises our position, as we'd rather not store them if we don't have to) it mentions that SagePay also offers the facility to store credit card details, external to the WHMCS installation:

this new Vault Solution from Quantum Gateway enables you to accept credit cards while completely avoiding the hassles of PCI compliance

We will therefore be releasing modules for SagePay in due course to take advantage of these external storage solutions

Additionally, SagePay supports 'Continuous Authority transactions' (otherwise known as Recurring Billing) which is better than storing the card details:

Continuous Authority transactions do not require a CV2 value or expiry date. The initial regular transaction, once verified, will be a trusted card and so subsequent repeats of this transaction will not need to have the data passed again. If the card expires, as long as the card number has not changed, it can still be processed.

And from here:

The amount of the initial transaction has no relevance, as you can repeat for any amount below / above the previous PAYMENT/REPEAT. With regards to any cards that expire, as long as the card number has not changed, it can still be processed.

Using SagePay for Continuous Authority Payments does require a Continuous Authority Internet Merchant number from your Acquiring bank however. Continuous Authority does indeed work with VSP Form, Server and Direct methods of integrating with SagePay.

As repeat & Continuous Authority Payments are supported by VSP form (using a gateway page hosted by SagePay) there will be no need for us to use WHMCS to store credit card details.

That sounds perfect! I'll be contacting the WHMCS support team to find out more today, hopefully the WHMCS will support Continuous Authority Payments. If not, we'll have to write one!

Originally Posted by John

Even if you're not processing the card details on your website, I'd still recommend an SSL certificate to encrypt the other client data while it's being transmitted; name, address, telephone number etc.

Thanks John - that's definitely a good idea. Our developer informed me that we have an SSL already as it happens (which I didn't know about), so we'll definitely be making the most of that!

**chrisbfinternet** · 08-11-10, 10:15 AM

There is a module in WHMCS called SagePay Repeats for using this integration method that uses VSP Direct and the Repeat transaction process for recurring billing.

Brilliant!

Community Forums

Thread: Auto-charging of stored cards?

Thread Tools

Auto-charging of stored cards?

Similar Threads

Invoicing in one currency (CRC), but charging cards thru gateway in USD?

Don't ask for CVV on stored cards