[zferland]

that typically would be a concern, but our first version is built only with a Coinbase integration, and all payments are handle through their merchant services and their payment iframes. Once we implement our own payments we will have to handle this appropriately.

[icebraining]

What if I replace the iFrame URL with an URL of a cloned page? How can the user be sure that it's really Coinbase's form?