Vote up!
Vote down!

How can I completely remove Billing Information from checkout?

I've used Commerce Kickstart to get a test site up and running for evaluation. This, by default, includes the Address Book module.

For purposes relating to PCI DSS, I don't want to be storing customers' billing details on my site. Payments will be processed externally, so there's no need for me to have this data around. I've managed to remove the Billing Information section from the checkout process, and have removed user permissions to view/create/edit billing addresses for their own accounts.


1. Despite removing the permissions, users are able to view, create and edit their billing addresses in the My Account section. Surely this shouldn't be possible with the permissions removed? How can I stop users seeing anything relating to Billing Information?

2. The Shipping Information section on the checkout page includes the tickbox stating it's the same as the Billing Information. I'd like to remove that tickbox and have the address fields display by default, as obviously the Billing Information fields aren't there any more. How can I go about doing this?

Thanks for your help!

Asked by: rvalkass
on June 9, 2013

2 Answers

Vote up!
Vote down!

For what it's worth, the PCI requirements pertain to actual card data (the CC number, expiration date, and security code), not billing addresses. However, if you're using a payment service that collects billing information (like I do - PayPal Payments Standard) - it's a better customer experience to not ask for the information locally as well.

So, in your case, I'd do what you're doing and solve your remaining issues this way:

  1. The Addressbook module shows tabs for any checkout pane that has been configured to enable the Addressbook. Even though the checkout pane is disabled on your site, it's apparently still respecting this configuration. Go to your checkout settings, click the configure link for your disabled billing information checkout pane, and uncheck the box that enables addressbook.
  2. Profile copying is a core feature of Drupal Commerce that is also configured via checkout pane settings forms. Click the configure link for your shipping information checkout pane and disable profile copying to have that removed.

If Addressbook is indeed letting your users create customer profiles that they don't have the permission for, this is a bug in the module and should be reported to its issue queue. However, in a quick test for an unprivileged user I was not given access to make profiles that I did not have access to. Perhaps the user you were testing with had the admin role or was user 1, bypassing these permissions?

Ryan Szrama
Answer by: Ryan Szrama
Posted: Jun 10, 2013
Vote up!
Vote down!

Hi Ryan, thanks for your speedy answer. Both your steps solved the issues. I guess I assumed that those steps would be taken care of by disabling the Billing Information, and my exploratory clicking didn't lead me to the options you mentioned. Once again, thanks.

After carrying out your steps, users can no longer edit, view or create Billing Addresses in their profiles, which is great. However, if I switch either option back on, it seems like my permission settings get overriden, allowing users to create/edit/view their Billing Address again, even if it doesn't appear anywhere and permissions are against it. I'll do some more investigative clicking and see if a bug exists or not.

Answer by: rvalkass
Posted: Jun 11, 2013