Re: [w3c/webpayments] How do we transition users and merchants from the current system to using the new API and apps? (#94) from Sebastien Domergue on 2016-04-15 (public-payments-wg@w3.org from April 2016)

From: Sebastien Domergue <notifications@github.com>
Date: Fri, 15 Apr 2016 08:19:23 -0700
To: w3c/webpayments <webpayments@noreply.github.com>
Message-ID: <w3c/webpayments/issues/94/210502194@github.com>

Actually, due to PCI compliance rules, most of payment processing on ecommerce platforms are done by calling 3rd party into an iframe or a dedicated page. Currently, if you have the form defined in your hosted page as a merchant (to control UX), even if data are not coming to your server but directly to the payment provider, you have to be PCI compliant (level PCI A-EP). In case this group defines any new flow which could bring merchants into PCI compliance, we could be sure that merchants won't adopt it.
So yes, supporting iframe will be mandatory for me

---
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3c/webpayments/issues/94#issuecomment-210502194

Received on Friday, 15 April 2016 15:20:22 UTC