W3C home > Mailing lists > Public > public-payments-wg@w3.org > April 2016

Re: [w3c/webpayments] How do we transition users and merchants from the current system to using the new API and apps? (#94)

From: Sebastien Domergue <notifications@github.com>
Date: Fri, 15 Apr 2016 08:19:23 -0700
To: w3c/webpayments <webpayments@noreply.github.com>
Message-ID: <w3c/webpayments/issues/94/210502194@github.com>
Actually, due to PCI compliance rules, most of payment processing on ecommerce platforms are done by calling 3rd party into an iframe or a dedicated page. Currently, if you have the form defined in your hosted page as a merchant (to control UX), even if data are not coming to your server but directly to the payment provider, you have to be PCI compliant (level PCI A-EP). In case this group defines any new flow which could bring merchants into PCI compliance, we could be sure that merchants won't adopt it.
So yes, supporting iframe will be mandatory for me

---
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3c/webpayments/issues/94#issuecomment-210502194
Received on Friday, 15 April 2016 15:20:22 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 16:43:15 UTC