WHMCS and Stripe

KuJoe

@sman said:

@KuJoe said:
I'm not sure if the current ServerPing module is PCI compliant or not but I would triple check before using it since storing Stripe data in plain text in the database would allow a hacker to charge their credit cards without their authorization. I used ServerPing for a while but got tired of having to edit templates every time WHMCS changed something in their themes so we switched to https://mostripe.com (Stripe Checkout, not Stripe + WHMCS which requires you to be PCI compliant) for a very small fee and it works 100% of the time without needing to change anything and it doesn't store client credit card data on our servers which is a bonus.

Credit card numbers are not stored locally unless you set WHMCS to do that. Only thing that is stored locally is a token.

I never said it stored credit card numbers, I said it stored Stripe/credit card data which can be used to bill client's credit cards. If it was storing credit card numbers I would have made a thread about it everywhere I could to warn people about it.

sman

@KuJoe said:

@sman said:

@KuJoe said:
I'm not sure if the current ServerPing module is PCI compliant or not but I would triple check before using it since storing Stripe data in plain text in the database would allow a hacker to charge their credit cards without their authorization. I used ServerPing for a while but got tired of having to edit templates every time WHMCS changed something in their themes so we switched to https://mostripe.com (Stripe Checkout, not Stripe + WHMCS which requires you to be PCI compliant) for a very small fee and it works 100% of the time without needing to change anything and it doesn't store client credit card data on our servers which is a bonus.

Credit card numbers are not stored locally unless you set WHMCS to do that. Only thing that is stored locally is a token.

I never said it stored credit card numbers, I said it stored Stripe/credit card data which can be used to bill client's credit cards. If it was storing credit card numbers I would have made a thread about it everywhere I could to warn people about it.

It stores the same thing locally as mostripe does as far as I can tell. A stripe token. I am guessing you can switch between the two modules and payments would still go through because they both use the same token.

You claim you switched so you should know that. Maybe it slipped your mind?

KuJoe

@sman said:

@KuJoe said:

@sman said:

@KuJoe said:
I'm not sure if the current ServerPing module is PCI compliant or not but I would triple check before using it since storing Stripe data in plain text in the database would allow a hacker to charge their credit cards without their authorization. I used ServerPing for a while but got tired of having to edit templates every time WHMCS changed something in their themes so we switched to https://mostripe.com (Stripe Checkout, not Stripe + WHMCS which requires you to be PCI compliant) for a very small fee and it works 100% of the time without needing to change anything and it doesn't store client credit card data on our servers which is a bonus.

Credit card numbers are not stored locally unless you set WHMCS to do that. Only thing that is stored locally is a token.

I never said it stored credit card numbers, I said it stored Stripe/credit card data which can be used to bill client's credit cards. If it was storing credit card numbers I would have made a thread about it everywhere I could to warn people about it.

It stores the same thing locally as mostripe does as far as I can tell. A stripe token. I am guessing you can switch between the two modules and payments would still go through because they both use the same token.

You claim you switched so you should know that. Maybe it slipped your mind?

MoStripe does not store anything in the database for the module I am using and suggested above. It also doesn't support subscriptions which sucks but it's more secure so that's the trade off.

sman

@KuJoe said:

@sman said:

@KuJoe said:

@sman said:

@KuJoe said:
I'm not sure if the current ServerPing module is PCI compliant or not but I would triple check before using it since storing Stripe data in plain text in the database would allow a hacker to charge their credit cards without their authorization. I used ServerPing for a while but got tired of having to edit templates every time WHMCS changed something in their themes so we switched to https://mostripe.com (Stripe Checkout, not Stripe + WHMCS which requires you to be PCI compliant) for a very small fee and it works 100% of the time without needing to change anything and it doesn't store client credit card data on our servers which is a bonus.

Credit card numbers are not stored locally unless you set WHMCS to do that. Only thing that is stored locally is a token.

I never said it stored credit card numbers, I said it stored Stripe/credit card data which can be used to bill client's credit cards. If it was storing credit card numbers I would have made a thread about it everywhere I could to warn people about it.

It stores the same thing locally as mostripe does as far as I can tell. A stripe token. I am guessing you can switch between the two modules and payments would still go through because they both use the same token.

You claim you switched so you should know that. Maybe it slipped your mind?

MoStripe does not store anything in the database for the module I am using and suggested above. It also doesn't support subscriptions which sucks but it's more secure so that's the trade off.

According to their website they do store things locally. So I have no idea what you are talking about unless it's not their WHMCS module in which case it's apples and oranges.

We also offer WHMCS module for Stripe Checkout that is 100% PCI complaint.NEW

Credit card information will not be stored. This module creates and stores customer and card tokens for future payments.

KuJoe

@sman said:

@KuJoe said:

@sman said:

@KuJoe said:

@sman said:

@KuJoe said:
I'm not sure if the current ServerPing module is PCI compliant or not but I would triple check before using it since storing Stripe data in plain text in the database would allow a hacker to charge their credit cards without their authorization. I used ServerPing for a while but got tired of having to edit templates every time WHMCS changed something in their themes so we switched to https://mostripe.com (Stripe Checkout, not Stripe + WHMCS which requires you to be PCI compliant) for a very small fee and it works 100% of the time without needing to change anything and it doesn't store client credit card data on our servers which is a bonus.

Credit card numbers are not stored locally unless you set WHMCS to do that. Only thing that is stored locally is a token.

I never said it stored credit card numbers, I said it stored Stripe/credit card data which can be used to bill client's credit cards. If it was storing credit card numbers I would have made a thread about it everywhere I could to warn people about it.

It stores the same thing locally as mostripe does as far as I can tell. A stripe token. I am guessing you can switch between the two modules and payments would still go through because they both use the same token.

You claim you switched so you should know that. Maybe it slipped your mind?

MoStripe does not store anything in the database for the module I am using and suggested above. It also doesn't support subscriptions which sucks but it's more secure so that's the trade off.

According to their website they do store things locally. So I have no idea what you are talking about unless it's not their WHMCS module in which case it's apples and oranges.

We also offer WHMCS module for Stripe Checkout that is 100% PCI complaint.NEW

Credit card information will not be stored. This module creates and stores customer and card tokens for future payments.

Their website specifically says "Credit card information will not be stored", I checked the database and confirmed nothing is stored. End of story.

KuJoe

@KuJoe said:

@sman said:

@KuJoe said:

@sman said:

@KuJoe said:

@sman said:

@KuJoe said:
I'm not sure if the current ServerPing module is PCI compliant or not but I would triple check before using it since storing Stripe data in plain text in the database would allow a hacker to charge their credit cards without their authorization. I used ServerPing for a while but got tired of having to edit templates every time WHMCS changed something in their themes so we switched to https://mostripe.com (Stripe Checkout, not Stripe + WHMCS which requires you to be PCI compliant) for a very small fee and it works 100% of the time without needing to change anything and it doesn't store client credit card data on our servers which is a bonus.

Credit card numbers are not stored locally unless you set WHMCS to do that. Only thing that is stored locally is a token.

I never said it stored credit card numbers, I said it stored Stripe/credit card data which can be used to bill client's credit cards. If it was storing credit card numbers I would have made a thread about it everywhere I could to warn people about it.

It stores the same thing locally as mostripe does as far as I can tell. A stripe token. I am guessing you can switch between the two modules and payments would still go through because they both use the same token.

You claim you switched so you should know that. Maybe it slipped your mind?

MoStripe does not store anything in the database for the module I am using and suggested above. It also doesn't support subscriptions which sucks but it's more secure so that's the trade off.

According to their website they do store things locally. So I have no idea what you are talking about unless it's not their WHMCS module in which case it's apples and oranges.

We also offer WHMCS module for Stripe Checkout that is 100% PCI complaint.NEW

Credit card information will not be stored. This module creates and stores customer and card tokens for future payments.

Their website specifically says "Credit card information will not be stored", I checked the database and confirmed nothing is stored. End of story. Please make sure you are reading my posts correctly to avoid confusion.

sman

@KuJoe

I think you are the one confused. As I already said serverping whmcs stripe module stores the same thing mostripe whmcs stripe module stores. A token. Not the actual credit card number or any other credit card information. If you still disagree then go argue with mostripe who say the same thing on their own website. I posted the actual text from their website but you apparently didn't even bother reading it.

KuJoe

@sman said:
@KuJoe

I think you are the one confused. As I already said serverping whmcs stripe module stores the same thing mostripe whmcs stripe module stores. A token. Not the actual credit card number or any other credit card information. If you still disagree then go argue with mostripe who say the same thing on their own website. I posted the actual text from their website but you apparently didn't even bother reading it.

You are looking at the wrong module. The Stripe Checkout module from MoStripe does not store anything in the database. I looked in the database and confirmed that nothing in stored there from the MoStripe module. On their website they even say that the Stripe Checkout does not store anything in the database, you must be looking at their non-PCI compliant module (RoudiApp) which DOES store the token but I never recommended it as you can see from my previous posts I've only recommended their Stripe Checkout module which is 100% PCI complient unlike the ServerPing module which is not because it stores data in the WHMCS database making it possible for clients credit cards to be billed by anybody with access to WHMCS or the database.

sman

@KuJoe said:

@sman said:
@KuJoe

I think you are the one confused. As I already said serverping whmcs stripe module stores the same thing mostripe whmcs stripe module stores. A token. Not the actual credit card number or any other credit card information. If you still disagree then go argue with mostripe who say the same thing on their own website. I posted the actual text from their website but you apparently didn't even bother reading it.

You are looking at the wrong module. The Stripe Checkout module from MoStripe does not store anything in the database. I looked in the database and confirmed that nothing in stored there from the MoStripe module. On their website they even say that the Stripe Checkout does not store anything in the database, you must be looking at their non-PCI compliant module (RoudiApp) which DOES store the token but I never recommended it as you can see from my previous posts I've only recommended their Stripe Checkout module which is 100% PCI complient unlike the ServerPing module which is not because it stores data in the WHMCS database making it possible for clients credit cards to be billed by anybody with access to WHMCS or the database.

Lol. Let me cut/paste AGAIN! DIRECTLY FROM THE FRONT PAGE OF THEIR WEBSITE!

Shezzus. Please don't waste any more of my time. Go argue with the developers of the software who you apparently disagree with.

We also offer WHMCS module for Stripe Checkout that is 100% PCI complaint.NEW

Credit card information will not be stored. This module creates and stores customer and card tokens for future payments.

KuJoe

Damn, I thought you were being serious but now I see I'm being trolled. What a waste of time.

sman

@KuJoe said:
Damn, I thought you were being serious but now I see I'm being trolled. What a waste of time.

Serious question. Is english your first language?

KuJoe

@sman said:

@KuJoe said:
Damn, I thought you were being serious but now I see I'm being trolled. What a waste of time.

Serious question. Are you retarded?

No, but I can read just fine. Please screenshot where it says they store data or even where the word token can even be found on this page: https://mostripe.com/whmcs/checkout/

Again, you are looking at the wrong module.

sman

@KuJoe said:

@sman said:

@KuJoe said:
Damn, I thought you were being serious but now I see I'm being trolled. What a waste of time.

Serious question. Are you retarded?

No, but I can read just fine. Please screenshot where it says they store data or even where the word token can even be found on this page: https://mostripe.com/whmcs/checkout/

Again, you are looking at the wrong module.

I only cut/paste it from that page 2 times now...lol. Yes that page at that link you posted. You need your eyes checked or have a serious learning/reading disability or something.

KuJoe

@sman said:

@KuJoe said:

@sman said:

@KuJoe said:
Damn, I thought you were being serious but now I see I'm being trolled. What a waste of time.

Serious question. Are you retarded?

No, but I can read just fine. Please screenshot where it says they store data or even where the word token can even be found on this page: https://mostripe.com/whmcs/checkout/

Again, you are looking at the wrong module.

I only cut at paste it from that page 2 times now...lol. You really are retarded or need your eyes checked I think.

No you didn't. I even checked the page's source code and the word token cannot be found on the page. Troll confirmed.

sman

@KuJoe said:

@sman said:

@KuJoe said:

@sman said:

@KuJoe said:
Damn, I thought you were being serious but now I see I'm being trolled. What a waste of time.

Serious question. Are you retarded?

No, but I can read just fine. Please screenshot where it says they store data or even where the word token can even be found on this page: https://mostripe.com/whmcs/checkout/

Again, you are looking at the wrong module.

I only cut at paste it from that page 2 times now...lol. You really are retarded or need your eyes checked I think.

No you didn't. I even checked the page's source code and the word token cannot be found on the page. Troll confirmed.

For the love of dog can someone point out to this guy what he apparently cannot see right in front of his face....HAHA. I'm outta here. Life is just too short.

Ishaq

KuJoe

@Ishaq said:

Thank you! Now I know I'm not crazy (or seeing cached versions of the site or something).

Ishaq

@KuJoe said: Thank you! Now I know I'm not crazy (or seeing cached versions of the site or something).

It did have tokens on the page once upon a time, but no idea when they changed it. Latest snapshot I can find is 11th of September:

http://web.archive.org/web/20150911210603/https://mostripe.com/whmcs/

daily

So @sman gets mad at @KuJoe over something a past version of a website says, but doesn't explain that the version of the site he is looking at is ~2015. We have a winner folks. The only question now is if that information changes anything.

Ishaq

My bad that cache is for https://mostripe.com/whmcs/ not https://mostripe.com/whmcs/checkout

https://mostripe.com/whmcs/ still has that token text, while https://mostripe.com/whmcs/checkout is what @KuJoe is referring to.

@sman is mistaken.

KuJoe

I think that's where the confusion lies, mostripe.com offer two different modules, one that supports subscriptions and uses tokens (RoudiApp) and one that is 100% PCI compliant and does not store anything in the database (Stripe Checkout). The module I am talking about is Stripe Checkout which I mentioned multiple times and even linked to it above so I'm not sure how the confusion started.