FREQUENTLY ASKED QUESTIONS (FAQ)
Q: Are there any cron jobs needed for this module?
A: No. The update to the local database is made when new/updated credit card info is entered. So, there is no need to run a cron job to update this information.
Q: Does this module replace the existing WHMCS Quantum Vault Gateway Module or client area credit card functionality?
A: No. It does not replace any existing WHMCS modules or core functionality. It is simply an addon module to give functionality to the client, which is missing from the existing Quantum Vault Module.
Q: What does the "Payment Update URL" setting do (under the "Inline Frame API" section of the "Processing Settings" area in the Quantum Gateway admin console)? Is this sending credit card information somewhere else?
A: This is a redirect back to your web site, after an update is made in the iframe window (the window that is being loaded from Quantum on your site). The contents of the iframe window are running on Quantum's servers, not your local server. Since the module is running a function to update the information in the local database (last 4 of the CC, card type, expiration date), and doing a redirect back to the client area, you need this URL setting in Quantum. If you don't have it set, you get a redirect of your entire page within the iframe window. So, you have your full site (header, footer and all) running the iframe window. After the module runs the update function, it does a redirect and break out of the iframe window. This prevents the site in a site window issue from appearing. The URL, you are using in the "Payment Update URL" setting, is to the module running on your own site. This is only a redirect after an update is made. This would be the same as the redirect after payment you might use on something like PayPal.
Q: I don't want my customers to be able to use the their credit card on file to make manual payment, remove their credit card on file, or disable automatic credit card processing. Is it possible to disable these options?
A: Yes. You can enable/disable these options under the addon module settings. Go to Setup > Addon Modules in the WHMCS admin console, and click "Configure" for the module. Once the changes are made click "Save Changes".
Q: Since the module files are encoded, how can I be sure this module doesn't send full credit card numbers elsewhere, or use full credit card numbers in the code?
A. The Quantum API does not allow you to pull the entire credit card number. You also cannot capture it from the iframe. So, there is absolutely no way the module could ever have access to the full credit card number. The only thing returned from Quantum, when you query the credit card number via their API, is the last four numbers of the credit card. The iframe runs the form on Quantum's servers, so the full credit card number never passes across your network. The full credit card number is also never displayed in the iframe. Quantum prevents full credit card information from being queried or being displayed.
The type of Quantum Vault API request, the module is using, is the "ShowVaultDetails" request. It is querying the following items:
- CardType (string) MC/VI/DS/AE/DC/JC
- CreditCardNumber (string) Last 4 digits of credit card number
- ExpireMonth (string)
- ExpireYear (string)
Please see page 26, of the official Quantum Vault API documentation, from the Quantum Gateway web site:
You will see from the Quantum Gateway official API documentation, that ONLY the last four numbers of the credit card can be obtained.
This is the same information that might be printed, on a paper receipt, from any store that uses your credit card as payment.
Q: Can I obtain the source code for this module, just be sure?
A: Sorry, we can't release the source code. If we don't encrypt the module, in Ioncube, we would not be able to license it. One thing to consider is that all modules for WHMCS, that handle credit cards (even the payment gateway modules), are encrypted with Ioncube. Do you personally know what the code contains for WHMCS, and/or the payment gateway modules? Do you know the specific programmer who wrote them? In fact, the whole billing software itself is encrypted with Ioncube. So, code that is handling your client's credit cards being encrypted is not an uncommon concept, and is in fact the normal way the system is provided. However, the benefit of using the Quantum Vault payment gateway in WHMCS, is that is makes it impossible to ever see the full credit card number from your system or local network. The credit card number never passes across your server or network, and there is no way to get the full number out of the Quantum Vault.
Q: Does this module do a remote check to validate the license? If so, when does this happen? Does it happen once, or each time the module is used?
A. Yes. However, after it does an initial check, it stores the information in an encrypted "local key" in your database (in the tbladdonmodules table). It then does a remote validation, of the license, when 15 days has past and the module is accessed again. If the license validation fails, it will continue using the local key that is stored on your server. This is the same way WHMCS itself works. The licensing addon we are using, is the same they use to license WHMCS. The local key functionality prevents the module from failing if a remote validation cannot be done.
Q: Why are the clientssummary.tpl admin template files modified?
A: This modification changes the "Credit Card Details" link, on the client summary in the WHMCS admin console, to point to the module (logged in as the client). The existing "Credit Card Details" window, in the WHMCS console, does not work with Quantum Vault. So, if you go into the WHMCS admin, and add a credit card or make changes to a credit card, it will write the full credit card number to your local database and not update the Quantum Vault. To avoid this, the module changes the link to point to you the correct location for adding and modifying credit cards to the Quantum Vault.
Q: Why is there no expiration date shown for MasterCards?
A: From Quantum support: "We can not show the expiration for MasterCard cards. It is against MasterCard policy to show the credit card expiration."