Many merchants and web developers are under the impression that simply by implementing a redirected payment method (iFrame or fully hosted payment page) in their eCommerce environment, customers' payment card data is completely safe and security is no longer a concern.

This can be a terrible trap to fall into, leading to a potential breach followed by costly investigations and fines. These payment methods rely heavily on the security of the web site from which they redirect, and as such PCI DSS compliance is still applicable to these merchants and their developers.

Earlier this year, the Foregenix Digital Forensics and Incident Response team investigated a web site where a lack of appropriate security controls led to the introduction of sophisticated malicious code, which breached the iFrame payment model of a major UK payment service provider by performing a Man-in-the-Middle attack.

Merchants and developers must keep security at the forefront when creating and managing eCommerce environments, ensuring that the minimum PCI DSS standards are adhered to. Foregenix's own eCommerce security solution can assist in reaching the complete security posture required to prevent these increasing payment data breaches.

Read our article on the iFrame breach and how it was achieved.

Read our article on improving the security of your website.