easy-digital-downloads icon indicating copy to clipboard operation
easy-digital-downloads copied to clipboard

Published 20 hours ago verified publisher icon awesomemotive

Shouldn't you ask the customer if they want to save a Stripe credit card?

Open Nate82 opened this issue 5 years ago • 9 comments

With the Stripe add-on, if you have Show Previously Used Cards checked and a customer makes a purchase, the credit card they used is automatically saved. I tested this in Test Mode using one of Stripe's test cards so apologies if I'm wrong but it didn't ask me to save my card when I made the test purchase, it just automatically saved it and then the card showed up in my account.

Thinking like a consumer, it feels shady. I'm asking myself, is my card secure on this website? Why wasn't I given an option to save it? Where do I go to delete the card I was forced to save? Every website I've ever bought something on has asked me if I want to save a card for future purchases and never saved it automatically.

  1. I feel you should ASK the customer if they want to save a card for future purchases instead of saving it without their permission.

  2. Maybe also add an ajax link on the checkout page next to a saved card to delete the saved card. Just a random idea I'm throwing out.

Anyone have opinions on this? I photoshopped a checkbox and statement under the credit card field to give you an idea. And maybe have an admin option to have it checked or unchecked by default.

stripe-savecard

Nate82 avatar Jul 31 '20 00:07 Nate82

@Nate82 This is something Stripe does, and from what I can find does not have any way for us to not have the cards saved in their system. All cards are stored on the customer record as soon as they are used with Stripe. EDD doesn't actually store any of this information within it's own databases.

The saved card feature looks up the customer record within Stripe and returns the cards that have previously been used with the matching Stripe account ID.

This isn't a no

If we do this we'll have to not only respect the EDD Store option to show the 'saved cards' feature, but also store something on the EDD Customer meta I would think.

cklosowski avatar Aug 19 '20 23:08 cklosowski

@cklosowski Thanks for the reply, it's unfortunate Stripe works that way. It basically makes the option NOT an option because of how invasive it is to automatically save a person's credit card without asking them first, you and I as developers and website owner's know it's safe but the customer doesn't. Hopefully you guys can figure something out for it in the future.

Nate82 avatar Sep 26 '20 06:09 Nate82

I've looked further into this and with Payment Intents, there is not a way to not have a payment method attached to the customer in Stripe. It is a requirement to be more secure in that we don't ever pass around card information just a token ID for the payment method, so that neither EDD's code or the store owner knows the full card data.

Closing this out as something we cannot do on our end.

cklosowski avatar Dec 06 '22 06:12 cklosowski

I don't understand why this point is not addressed. This would be doable in my reading:

There seems to be an API Call available withing stripe where credit cards can be removed. So when the checkbox is unchecked in above mock-up, this API call should be called post checkout https://stripe.com/docs/api/cards/delete

  • There should be a setting in EDD Stripe to enable/disable this option
  • There should also be a button on each customer profile to delete credit card information via API call

efmcyrill avatar Dec 06 '22 07:12 efmcyrill

@cklosowski that's unfortunate because this is almost a must-have feature for ecommerce. I saw that Woocommerce has a new checkout experience which allows a checkbox to save a card, how do they do this? https://woocommerce.com/document/stripe/#checkout-page https://woocommerce.com/document/stripe/#new-checkout-experience

I also found this https://github.com/stripe-samples/saving-card-after-payment

An alternative (if possible) would let customers log into their account on your site and add a card to their My Account page and then that saved card would show up on the checkout page to use.

Nate82 avatar Dec 06 '22 15:12 Nate82

@efmcyrill @Nate82 I discussed this further with @spencerfinnell and there actually is a method that we can achieve with this within the payment intents, however if we do allow it, we will have to be selective with the situations in which it can be used.

The recurring system is required to have a card attached. We may be able to use the setup_future_usage on the payment method. I'll look more into this approach, and try and come up with a feature development plan to ensure that we don't completely break recurring, and future proof users from this aspect.

cklosowski avatar Dec 06 '22 21:12 cklosowski

WooCommerce forces setup_future_usage=off_session (which means the Payment Method gets attached to the Customer) if it is a Subscription purchase: https://github.com/woocommerce/woocommerce-gateway-stripe/blob/bf229bfcf3d025dc743a7cf2300212759c5ef493/includes/abstracts/abstract-wc-stripe-payment-gateway.php#L1227-L1230

spencerfinnell avatar Dec 06 '22 21:12 spencerfinnell

That would indeed be great if more options could be offered on how to deal with Credit Cards. Thank you for looking into this.

efmcyrill avatar Dec 07 '22 01:12 efmcyrill

Sounds good, thanks for reopening and diving into it. I'd love to use this feature on my site as most of my clients are recurring so an option to save a card at checkout would be great.

Nate82 avatar Dec 07 '22 11:12 Nate82