- From: Craig Francis <craig@craigfrancis.co.uk>
- Date: Mon, 15 Aug 2016 14:11:18 +0100
- To: WebAppSec WG <public-webappsec@w3.org>
Received on Monday, 15 August 2016 13:11:49 UTC
Hi, Is there a secure way to collect sensitive information (e.g. credit card numbers) though an iframe, if the parent page has been compromised? I don't think there is, and I think Stripe, BrainTree (PayPal), WorldPay, etc are all pretending they have a secure system, when they really don't. I've written up my notes at the following URL, but if you have any other comments/feedback, I'd really appreciate it (I'd like to contact the PCI Council again by the end of the week). Craig https://www.code-poets.co.uk/misc/security/pci-saq/ <https://www.code-poets.co.uk/misc/security/pci-saq/>
Received on Monday, 15 August 2016 13:11:49 UTC