[jacobra2]

>It's important to note that many of the tricks (like hidden iframes from PSPs) that are used to make payments frictionless today are going to become useless as browsers roll out more changes to protect user's privacy (e.g. killing 3rd party cookies and storage).

Could you point me to resources to learn more about this? I work on integrations like this. Is it that iframed PSP integrations won't work at all, or they won't appear as seamless?

[ahopebailie]

Here's a decent write up.

In short, 3rd-party cookies and storage are being blocked (or phased out). This means you can insert an iframe into a page but the cookies/storage it has access to will be partitioned based on the origin of the top-level context.

E.g. If PayPal embeds an iframe in walmart.com's site and the user logs in to PayPal to pay then goes to target.com's site where there is also an iframe embedded the user will have no active session and will need to login again.

[ahopebailie]

Sorry, link: https://www.theverge.com/2020/1/14/21064698/google-third-par...

[strictnein]

Yeah, this really needs to be fleshed out more. Stripe, Braintree, Paypal, etc all have rolled out this type of thing and it helps improve the security posture of everyone involved.

Just saying those "tricks" are going to die sometime in the name of "privacy" definitely needs a little more unpacking. There are likely tens or hundreds of thousands of sites with those implementations live today.