W3C home > Mailing lists > Public > public-webappsec@w3.org > August 2016

Re: Iframes and credit card security

From: Anders Rundgren <anders.rundgren.net@gmail.com>
Date: Tue, 16 Aug 2016 07:02:21 +0200
To: Craig Francis <craig@craigfrancis.co.uk>
Cc: WebAppSec WG <public-webappsec@w3.org>
Message-ID: <b848f55a-57a6-6e83-51f7-7eb95419acf1@gmail.com>
On 2016-08-16 01:11, Craig Francis wrote:

> Personally I think "assuming the correct iframe has been opened" is the problem,
 > and because most websites are doing things like running out of date versions of WordPress,
 > they need to have at least a basic check that things "seem to be ok".

Apple have addressed the client-side of payment-security both with respect to the merchant and the user in a pretty elegant way:
https://developer.apple.com/videos/play/wwdc2016/703/

Other payment providers will not be able to provide such solutions in foreseeable time.  Fixing IFRAMEs is unlikely to be the answer.

Anders
Received on Tuesday, 16 August 2016 05:02:55 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:21 UTC