- From: tugal <notifications@github.com>
- Date: Wed, 08 Feb 2017 01:31:44 -0800
- To: w3c/webpayments <webpayments@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Wednesday, 8 February 2017 09:32:38 UTC
Thanks for quick answer. > This is not true. As a PSP you can still provide your merchants with code that embeds an iframe, the content of which is hosted on your secure (and PCI DSS certified) web servers. > The Merchant can explicitly give that iframe permission to call the Payment Request API so when the user wants to pay the interaction is done directly with your systems. I agree, it's technicaly possible and compliant. But i disagree on the UX involved; > For the redirect use case, nothing stops you from invoking the API when the user has been redirected to the payment page hosted on your secure servers. Again, i agree; but we loose all UX, the payee is redirected from the ecommerce website to a generic page, loosing connection with the merchant. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/w3c/webpayments/issues/210#issuecomment-278276664
Received on Wednesday, 8 February 2017 09:32:38 UTC