Guidance regarding secured/hosted fields for PCI (Payment Card Industry) Compliance from Beth Martin on 2018-11-19 (w3c-wai-ig@w3.org from October to December 2018)

From: Beth Martin <martin.bethann@gmail.com>
Date: Mon, 19 Nov 2018 11:25:30 -0500
To: w3c-wai-ig@w3.org
Message-ID: <CAAy++3d_Xf_MaQ03+76=UWEP3k1oXMpYJ=rAK=VS5zwVsWm4PA@mail.gmail.com>

Hello,

I'm looking for some additional guidance regarding secure fields needed for
PCI (Payment Card Industry) compliance for ecommerce.  Payment providers
now offer a solution for a higher level of conformance where each payment
field (credit card number, CVV, and expiration date) is a DOM-injected
iframe, comprising of a `label`, `input`, error validation, styling, and
focus management.  These iframed fields are referred as "secure fields" or
"hosted fields".

We are working with our payment provider to improve their markup, however,
if they followed all form and iframe related guidelines, would there be any
other concerns regarding accessibility?

Thanks!

Beth Martin

Received on Monday, 19 November 2018 18:31:33 UTC