Hacker News
by tptacek 5418 days ago
Madness. Are users expected to check the DOM tree before they type their credit card details in to make sure they're sending their info to the iframe they expect to?

The rule should be: if your app has a credit card form under its own banner, the whole thing is implicated for PCI assessments. But that's not the rule.