Iframes and credit card security

Hi,

Is there a secure way to collect sensitive information (e.g. credit card numbers) though an iframe, if the parent page has been compromised?

I don't think there is, and I think Stripe, BrainTree (PayPal), WorldPay, etc are all pretending they have a secure system, when they really don't.

I've written up my notes at the following URL, but if you have any other comments/feedback, I'd really appreciate it (I'd like to contact the PCI Council again by the end of the week).

Craig



https://www.code-poets.co.uk/misc/security/pci-saq/ <https://www.code-poets.co.uk/misc/security/pci-saq/>

Received on Monday, 15 August 2016 13:11:49 UTC