Re: [w3c/webpayments] How do we transition users and merchants from the current system to using the new API and apps? (#94)

Actually, due to PCI compliance rules, most of payment processing on ecommerce platforms are done by calling 3rd party into an iframe or a dedicated page. Currently, if you have the form defined in your hosted page as a merchant (to control UX), even if data are not coming to your server but directly to the payment provider, you have to be PCI compliant (level PCI A-EP). In case this group defines any new flow which could bring merchants into PCI compliance, we could be sure that merchants won't adopt it.
So yes, supporting iframe will be mandatory for me

You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:

Received on Friday, 15 April 2016 15:20:22 UTC