Quote:
Originally Posted by wolff
So, after reading through this thread, am I correct that a valid option to anyone using x-cart that wants to be compliant and avoid the PA-DSS software requirements, is to integrate a compliant 3rd party payment gateway using an iframe?
A related question: With all of the iframe injection issues that have gone around, even if the above is true, would there be possible problems in relying on an iframe for this purpose?
Thanks
|
Yes it seems that an Iframe is a good way out of the PCI/PA-DSS problem. If you look at the UK payment gateway sapepay, they have a Iframe interface (called their "Server" interface) and they describe it as their most secure interface.
I suspect that the iframe injection situation will only be a problem here IF browsers start to have an option to block iframes.