@marcoscaceres I believe I have encountered such arrangement many times. Most of the big players probably including Worldpay provide such solutions. https://en.wikipedia.org/wiki/List_of_online_payment_service_providers The connection between Merchants and such providers are usually based on a URL with a small set of parameters holding session id, merchant id, amount to pay, etc. When ready it redirects to the merchant with the outcome of the payment. Of course the merchant can encrypt card data as well. The motives for doing it inside the browser (through the API) are two-fold: - It is non-trivial doing crypto - Security-wise it seems more "correct" that card plain text never reaches (potentially non-secure) merchant code. Such a thing _could_ have PCI implications -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/w3c/payment-method-basic-card/issues/38#issuecomment-319580815
Received on Wednesday, 2 August 2017 06:32:19 UTC