Last week we successfully implemented iframes on the payment pages of Shift4 customer websites. And, we are currently testing a similar solution for non-Shift4 customers. This is an initiative that we began investigating the third quarter of last year as part of our organizational commitment to continuous improvement. We expedited the rollout as a component of our comprehensive strategy to increase the security of our systems.
You may be asking, what is an iframe? And, what are the benefits of this process for both me and my customers? To put it simply, an iframe allows an e-commerce website to embed a payment page from a third party payment service provider (PSP), so that the payment information is collected within the PSP’s environment. The benefit of this outsourcing approach is two-fold. First, it maintains a seamless customer experience, as the user is not redirected away from the e-commerce site to complete their purchase. Second, payment information collected within the iFrame cannot be modified or interfered with by application code outside of the frame.
Very soon, we will be rolling out a similar upgrade for non-Shift4 customers. The security of your customers’ personal information is a priority we take very seriously. We appreciate your partnership and are committed to continuing our systematic process of assessment and implementation of enhancements to further secure our systems.
For more information about iframe technology, see section 2.2.2 of the PCI Security Standards Council’s Best Practices for Securing E-commerce. You will find a process flow diagram that will further illustrate the purpose and benefits of iframe technology. When referencing the diagram, PrismRBS = Merchant, Customer Browser = your store’s shopper and PSP = Shift4 i4go.