Hi @nelsonlyra, You wrote: "From my point of view, it only move PCI-DSS compliance from merchant's web site to payment apps." While I agree there is "movement," my understanding from this PCI FAQ entry is that the requirements change as a result: http://bit.ly/2rDfDmN "To avoid complicated security work on payment apps, we should embed the payment form (to collect card info) in an iframe." I anticipate that will happen in many cases (as it does today). Thanks for the comments! Ian -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/w3c/webpayments-methods-tokenization/issues/7#issuecomment-304003881
Received on Thursday, 25 May 2017 12:59:00 UTC