|
|
(15 intermediate revisions by 3 users not shown) |
Line 1: |
Line 1: |
− | ==Introduction==
| + | In WHMCS, a Pay Method is a payment method that belongs to a client. It can represent a credit card or a bank account. Clients can choose any of their available payment methods during checkout for new orders and for payment of invoices. Each individual payment method has an associated '''[[Payment Gateways|Payment Gateway]]''' and can also have a different associated billing address. |
| | | |
− | In WHMCS, a Pay Method is a method of payment belonging to a client. A Pay Method can represent a credit card or a bank account and a client can have multiple Pay Methods associated with their account.
| + | <div class="docs-alert-info"> |
| + | The following settings in the '''[[Security Tab|Security]]''' tab at '''Configuration (<i class="fa fa-wrench" aria-hidden="true"></i>) > System Settings > General Settings''' affect payment method behavior: |
| | | |
− | Clients can choose any of their available Pay Methods during checkout both for new orders and payment of invoices.
| + | * '''Allow Client Pay Method Removal''' |
− | | + | * '''Delete Encrypted Credit Card Data''' |
− | Each Pay Method can also have a different billing address associated with it if required.
| + | * '''Delete Encrypted Bank Account Data''' |
| + | </div> |
| | | |
| ==Default Pay Method== | | ==Default Pay Method== |
| | | |
− | There must always be a default Pay Method and this is the Pay Method that is used by default for all automatic recurring payment attempts.
| + | Clients must always have a default payment method. This is the payment method that all new automatic recurring payment attempts use by default. |
| | | |
− | In certain conditions, the default Pay Method may not be applicable for a given invoice, for example when the default Pay Method is tokenized with a specific payment gateway and the invoice's payment method is a different gateway. In this scenario, the first applicable Pay Method for the user in order of display is used. | + | In some scenarios, the default payment method may not be valid for a specific invoice (for example, when the default payment method is tokenized with a specific payment gateway and the invoice's payment method uses a different payment gateway). If this occurs, the system uses the client's first applicable payment method. |
| | | |
− | <div class="docs-alert-info">'''Please Note:''' At this time, it is not possible to set a different default Pay Method on a per service basis, although this functionality is planned to be delivered in a future update.</div> | + | <div class="docs-alert-warning"> |
| + | * You cannot set a different default payment method on a per-service basis. |
| + | * Changing the default payment method will not change the payment method that existing unpaid invoices use. |
| + | </div> |
| | | |
| ==Managing Pay Methods== | | ==Managing Pay Methods== |
Line 19: |
Line 24: |
| ===Admin Area=== | | ===Admin Area=== |
| | | |
− | A Clients' Pay Methods can be viewed via a dedicated panel on the Client Summary page within the Admin Area.
| + | You can manage client payment methods from the '''[[Clients:Summary_Tab|Summary]]''' tab of the client profile. |
− | | |
− | The default Pay Method will always be displayed at the top of the list, and be indicated via an icon.
| |
− | | |
− | Clicking on any Pay Method within the list will open a popup that allows you to view and manage the selected Pay Method.
| |
| | | |
− | [[File:Paymethod-admin-area-v2.png]] | + | [[File:Paymethod-admin-area-v3.png]] |
− | | |
− | The following actions are available:
| |
− | | |
− | * '''Decrypt Card Number''' - Credit card numbers are always displayed masked, only revealing the last 4 digits. To view the full card number, click the eye icon located to the right of the Card Number field and enter the ''Credit Card Encryption Hash'' when prompted.
| |
− | * '''Edit''' - For an existing Pay Method you can edit certain fields and values. In the case of a credit card, this includes the Expiry Date and Card Description. In the case of a bank account, this includes the Account Holder Name, Account Number, Routing Number and Bank Account Description.
| |
− | * '''Delete''' - To delete a Pay Method, first click on the Pay Method to open the edit window, and then click the Delete button. You will be asked for confirmation before the deletion is completed.
| |
− | | |
− | <div class="docs-alert-warning">The Credit Card Encryption hash can be found within the WHMCS configuration.php file located within the root directory of a WHMCS installation.</div>
| |
− | | |
− | To add a new Pay Method, click the "Add Credit Card" or "Add Bank Account" links located within the Pay Methods panel on the Client Summary page. A popup will open allowing you to enter the details for the Pay Method.
| |
− | | |
− | <div class="docs-alert-info">Note that these options will only display if you have an appropriate Payment Gateway activated. If you do not have either an active merchant gateway and/or bank account module, then no options to add Pay Methods will be displayed.</div>
| |
− | | |
− | When multiple Payment Gateways are active, and include a combination of both local card storage and tokenized payment gateway modules, upon selecting to add a credit card, you will be prompted for the Storage Method you wish to use. Essentially you need to tell WHMCS if the card should be tokenized with your desired Payment Gateway, or stored locally and encrypted in the database. In most cases if you have a tokenization payment gateway in use, you will probably want to use this.
| |
− | | |
− | ====Force Delete====
| |
− | If an error occurs deleting a remote Pay Method, or if the gateway that a remote Pay Method is associated with has been deactivated, WHMCS will be unable to delete the record. When this happens, a message will be shown displaying the error that occurred and providing an option to ignore and force delete the Pay Method.
| |
− | [[File:PayMethodDeleteFail.png]]
| |
− | | |
− | Force deleting a Pay Method will not run anything on the remote gateway system. Manual removal of any records in a gateway account would need to be done manually if required, when force deleting from WHMCS.
| |
| | | |
| ===Client Area=== | | ===Client Area=== |
| | | |
− | Clients can view and manage Pay Methods via the "Payment Methods" page accessible from the Billing and Account sub-menus within the Client Area. | + | Clients can view and manage payment method at '''Billing > Payment Methods''' in the Client Area. |
| | | |
− | [[File:Paymethods-client-area.png]] | + | [[File:payment-methods.png|400px]] |
| | | |
− | Clients can view all of their saved Pay Methods, edit (update descriptions and expiry date), delete (if enabled) and change the default Pay Method used for automated recurring payment attempts. | + | Clients can view all of their saved payment methods, update their descriptions and expiry dates, delete them (if you enable this), and change the default payment method for automated recurring payment attempts. |
| | | |
− | <div class="docs-alert-warning">If you have multiple Payment Gateways active, including a mix of both Tokenized and non-tokenized Payment Gateways, customers will be presented with the option to choose the desired Payment Method when adding a Pay Method via the Client Area. This is essential for knowing whether the card should be stored locally encrypted in the WHMCS database, or remotely with the Tokenized Payment Gateway. If you do not wish to allow customers to store cards locally, please refer to the ''Enforcing Tokenization'' section below.</div> | + | <div class="docs-alert-warning"> |
| + | If you use tokenized and non-tokenized payment gateways, customers can choose the desired payment method when adding one via the Client Area. This determines whether to store the card locally, encrypted in the WHMCS database, or remotely with the tokenized payment gateway. |
| + | </div> |
| | | |
| ==Processing Payments== | | ==Processing Payments== |
| | | |
− | Automated recurring charges will be attempted for capture automatically using the default Pay Method for a given client.
| + | The system attempts recurring charges for capture automatically using the client's default payment method. If no payment method exist for a client, the client will receive an email informing them that the system could not attempt an automated payment and that they must log in and pay the invoice manually. |
− | | |
− | If no Pay Methods exist for a client, the client will receive an email informing them that an automated payment could not be attempted and that they must login and pay the invoice manually. | |
− | | |
− | To use a different card, client can login and pay an unpaid invoice manually at any time via the Client Area.
| |
− | | |
− | Admin Area users can also attempt a capture at any time using any stored Pay Method. To do this, navigate to the desired invoice within the Admin Area and click the Attempt Capture button. ''If this button does not appear or is disabled, check the Payment Method that the invoice is assigned to via the Options tab.''
| |
− | | |
− | Upon clicking the Attempt Capture button, a popup window will appear allowing you to choose the desired Pay Method to be used. Select the desired entry, optionally enter the CVV number for the card if available, and then click the Attempt Capture button to attempt the payment.
| |
− | | |
− | ==Related Settings==
| |
− | | |
− | The following settings affect the behaviour of Pay Method functionality and can be found in ''Setup > General Settings > Security'':
| |
− | | |
− | * Allow Client CC Removal - Enabling this option allows customers to delete saved Pay Methods from their account. It also provides customers with a choice during checkout to allow them to choose to store the payment details they are entering as a saved Pay Method for faster checkouts in future. ''We recommend leaving this option enabled.''
| |
− | | |
− | * Delete Encrypted Credit Card Data - This option allows you to perform a mass-deletion of all encrypted credit card data that is stored within the WHMCS database. You can use this if you want to instantly and immediately remove all sensitive pay method related data from the database. Note that this action cannot be un-done so exercise caution before using this functionality.
| |
− | | |
− | ==Tokenization of Pay Methods==
| |
− | | |
− | ===Introduction===
| |
− | | |
− | Tokenization is a process in which sensitive payment details are stored remotely by a payment gateway processor. This is intended to reduce the security burden and limit the liability on you as a business. Examples of payment gateways that support tokenization include Authorize.net, Stripe, Quantum Gateway, etc...
| |
− | | |
− | When a tokenization payment gateway is in use, the details for a Pay Method are stored remotely by a given payment gateway and therefore the Pay Method is restricted for use only by the given payment gateway.
| |
− | | |
− | In such scenarios, the ability to use a given Pay Method with other payment gateways will be restricted. This will become apparent during checkout when switching between payment methods (also referred to as payment gateways) and the list of available Pay Methods changing. For example, a Stripe Pay Method cannot be used to pay an invoice assigned to Authorize.net and vice-versa.
| |
− | | |
− | ===Tokenization Migration===
| |
| | | |
− | If you have previously used a Payment Gateway that stores credit cards locally and wish to switch to a Tokenized Payment Gateway solution, the following considerations apply:
| + | === Changing Payment Methods === |
| | | |
− | # Activating a Tokenization Payment Gateway module in addition to a non-tokenized Merchant Gateway module will still allow credit cards to be stored locally by both Admin and Client Users.
| + | To use a different card, clients can log in to the Client Area and pay the unpaid invoice manually. |
− | # Activating a Tokenization Payment Gateway does not remove existing locally stored credit cards from the database. To do this, please refer to the ''Related Settings'' above.
| |
− | # To enforce use of a tokenization Payment Gateway for Clients, please see the ''Enforcing Tokenization'' section below.
| |
− | # In many cases, WHMCS can convert locally stored credit cards to tokenized cards upon the next automated recurring payment attempt automatically. With some tokenized Payment Gateways this may not be possible due to technical restrictions imposed by the Payment Gateway. Please refer to the documentation for your specific [[Payment Gateways|Payment Gateway]] for further information.
| |
| | | |
− | ===Enforcing Tokenization=== | + | === Capturing Payment Using a Stored Payment Method === |
| | | |
− | To enforce the use of a Tokenization Payment Gateway and prevent new credit cards from being stored locally, you simply need to hide all non-tokenization Payment Gateways from the order form.
| + | Admins can also attempt to capture payment at any time using a stored payment method. |
| | | |
− | To do this, navigate to Setup > Payments > Payment Gateways, select the ''Manage Existing Gateways'' tab, and ensure the '''Show on Order Form''' checkbox is deselected for all non-tokenization Merchant Gateway Modules. | + | To do this: |
| | | |
− | <div class="docs-alert-info">Note that doing this does not delete existing credit cards stored locally in the database. If you wish to do this, an option is available in ''General Settings > Security''. Please refer to the ''Related Settings'' for more information.</div>
| + | # Go to the desired invoice in the [[Admin Area]]. |
| + | # Click '''Attempt Capture'''. If '''Attempt Capture''' does not appear or is disabled, check the invoice's assigned payment method in the '''Options''' tab. |
| + | # Choose the desired payment method to use. |
| + | # Optionally, enter the CVV number for the card. |
| + | # Click '''Attempt Capture''' to attempt the payment. |
In WHMCS, a Pay Method is a payment method that belongs to a client. It can represent a credit card or a bank account. Clients can choose any of their available payment methods during checkout for new orders and for payment of invoices. Each individual payment method has an associated Payment Gateway and can also have a different associated billing address.
Clients must always have a default payment method. This is the payment method that all new automatic recurring payment attempts use by default.
In some scenarios, the default payment method may not be valid for a specific invoice (for example, when the default payment method is tokenized with a specific payment gateway and the invoice's payment method uses a different payment gateway). If this occurs, the system uses the client's first applicable payment method.
Clients can view all of their saved payment methods, update their descriptions and expiry dates, delete them (if you enable this), and change the default payment method for automated recurring payment attempts.
The system attempts recurring charges for capture automatically using the client's default payment method. If no payment method exist for a client, the client will receive an email informing them that the system could not attempt an automated payment and that they must log in and pay the invoice manually.
To use a different card, clients can log in to the Client Area and pay the unpaid invoice manually.
Admins can also attempt to capture payment at any time using a stored payment method.