|
|
|
|
|
|
by satiani
4434 days ago
|
|
|
Your payment form is not secure, even though it makes a submission over SSL, the fact that it is hosted on a non-SSL page exposes it to Man in the Middle attacks. An attacker may, for example, change the iframe URL to something controlled by the attacker but looks like the payment form on your site, and trick users into giving them their credit card details. The fix is simple, make your whole site https and redirect all http traffic over to https. There are cheap SSL certificates out there (as low as $99 a year) and its pretty easy to setup. |
|
|
Could I ask you one more favor? Would you check to see if we're as safe as possible now?