cancel
Showing results for 
Search instead for 
Did you mean: 

iframe components

We currently use Authorize.Net but are being forced to look at other options to lower our PCI compliance levels.  PayPal and Adyen both have something they call "Components" which is similar to a form hosted in an iframe, for the lowest level of PCI compliance requirements, but instead of the entire form in an iframe each input field is in a separate iframe, and each field exposes methods to get the encrypted value for just that field.  This makes it very easy for us to keep our existing UI and UX exactly as it is, but just replace the few fields where we ask for card info to be entered with their iframe versions, and then we get an opaque token using those values that our server can use to auth/capture.

 

We currently using Accept.js, but with our own input fields, no iframe.  We call Accept.dispatchData() to convert card info to an opaque token.  So the card info never goes to our server, but it does live inside our JavaScript code and we technically have access to it.

 

Are there any options to keep everything very much/exactly like it is now, but just put the card number and card ID/cvv fields inside an auth.net iframe that gives us access to only encrypted values?  Our UX and UI is very complex including ways to manage saved cards inside and outside of checkout flow, manage payment options for subscriptions, etc -- and the conversion rates are awesome, so we don't want to risk changes to the UX.

 

ericselk
Member
0 REPLIES 0