Actually, due to PCI compliance rules, most of payment processing on ecommerce platforms are done by calling 3rd party into an iframe or a dedicated page. Currently, if you have the form defined in your hosted page as a merchant (to control UX), even if data are not coming to your server but directly to the payment provider, you have to be PCI compliant (level PCI A-EP). In case this group defines any new flow which could bring merchants into PCI compliance, we could be sure that merchants won't adopt it. So yes, supporting iframe will be mandatory for me --- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/w3c/webpayments/issues/94#issuecomment-210502194Received on Friday, 15 April 2016 15:20:22 UTC
This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 16:43:15 UTC