• Resolved nyhotdogman

    (@nyhotdogman)


    Hi Matthias,

    I hope you are doing well. Quick question in terms of the new plugin update with the payframe version: I just got off the phone with the Paymill support – according to them the previous form function is not SAQ A compliant – which of course really complicates the process with credit card companies (security scans needed etc).

    Up to now we have been using the regular previous form, which is integrated in the checkout process. In addition we modified field names, design and used our own images. So using payframe this then is not possible, correct? But I do assume the payframe integrates into the checkout just as it did before (together with the other payment options)?

    There is no way to change the design for this?

    Thanks a lot and many thanks,
    Sebastian

    https://www.ads-software.com/plugins/paymill/

Viewing 6 replies - 1 through 6 (of 6 total)
  • Plugin Author straightvisions GmbH

    (@matthias-reuter)

    Hi Sebastian,

    Unfortunately, for security reasons, there is no way to change the design of the payframe :/

    Kind regards,

    Matthias

    Thread Starter nyhotdogman

    (@nyhotdogman)

    Hi Matthias,

    okay thanks for the quick answer! Mhmh, okay that sucks. I will call Paymill again to see if they may be able to help me out a bit more.

    In terms of integration and default design – there is no difference to the previous form?

    Thanks again,
    Sebastian

    Hi Sebastian,

    I am Thomas from PAYMILL.

    We are working on a solution that will allow modifying the layout of the payment form again, though I cannot give an ETA on that at the moment.

    The current problem is that PCI DSS 3.0 regulations require the payment form to be completely hosted by a PCI DSS certified server to be SAQ A compliant. This means that anything changing/modifying the payment form (even CSS) has to be provided from a certified environment.

    If you use the older integration form, you will most likely fall under the scope of SAQ A-EP, which is more complex and requires a security scan every 3 months.

    You can find more information here: https://www.pcisecuritystandards.org/security_standards/documents.php?category=saqs

    I hope this makes everything a bit clearer for you.

    Best,
    Thomas

    Thread Starter nyhotdogman

    (@nyhotdogman)

    Hi Thomas,

    thanks for your reply. We have updated paymill and now use the new payframe function – I thought this would then entirely change the payment option’s design in the checkout (as all is provided by Paymill’s servers) – it did however not entirely (it seems only the credit card fields have changed their design). So as I have said before – we used custom css here before (e.g. for tabs and SEPA fields, payment logos etc) – and for some reason this still seems to be functional, despite using the payframe option. Here is a link to a screenshot of what I am talking about:

    https://img5.fotos-hochladen.net/uploads/screenshotch7uiypzvkf5.png

    So basically I’d need to know if this is all SAQ A compliant or not… as Wirecard told me NO CSS or images or anything can be provided by our own server… or is Wirecard JUST referring to the actual fields of the credit card? You can see, those have this design (which seems to be the default payframe design):

    https://img5.fotos-hochladen.net/uploads/checkoutkreddx75svwgjt.png

    Perhaps you can let me know.

    Thanks a lot,
    Sebastian

    Hi Sebastian,

    Yes! PCI DSS 3 is only concerned with the form fields used to collect credit card data – those are embedded using PayFrame and therefore hosted by PAYMILL instead of your shop.

    Thus, you should be good to go.

    Best,
    Thomas

    Thread Starter nyhotdogman

    (@nyhotdogman)

    Perfect!

    Thanks a lot for your support!

    Sebastian

  • The topic ‘Payframe versus previous form’ is closed to new replies.