- From: David Woolley <forums@david-woolley.me.uk>
- Date: Tue, 20 Nov 2018 11:36:14 +0000
- To: w3c-wai-ig@w3.org
Using iframes typically reduces security, because you do not see the chrome that confirms the web site that originated the frame. I will always request a separate window for Paypal entry boxes, to ensure that I can see they are coming from Paypal. What do the hosted fields you are talking about here do to ensure that the user knows that they can be trusted. Are they only ever used on sites that already trusted, and submit to that site? On 19/11/2018 16:25, Beth Martin wrote: > Hello, > > I'm looking for some additional guidance regarding secure fields needed > for PCI (Payment Card Industry) compliance for ecommerce. Payment > providers now offer a solution for a higher level of conformance where > each payment field (credit card number, CVV, and expiration date) is a > DOM-injected iframe, comprising of a `label`, `input`, error validation, > styling, and focus management. These iframed fields are referred as > "secure fields" or "hosted fields". > > We are working with our payment provider to improve their markup, > however, if they followed all form and iframe related guidelines, would > there be any other concerns regarding accessibility? > > Thanks! > > Beth Martin
Received on Tuesday, 20 November 2018 11:37:20 UTC