Using an iFrame Payment Form with Spreedly

PCI-DSS v3.0, which went into effect on January 1st of this year, mandates the use of an iFrame-based payment form for merchants wishing to minimize PCI compliance scope (defined as the ability to self-assess using the SAQ A questionnaire instead of the more onerous SAQ A-EP). We previously wrote about maintaining PCI compliance in light of the new PCI-DSS requirements and invited customers into our iFrame payment form private beta program. Since then we’ve worked with several customers to integrate the payment form into their payment page and are now making the iFrame payment form available to all customers as a public beta.

As a public beta, the iFrame payment form is functionally complete and available to all customers wishing to integrate it in their production systems. Although changes are expected before general availability, the iFrame form is implemented in a way that avoids breaking changes unless an upgrade is explicitly initiated.

We’ve created a sample app showing the iFrame payment form integrated into a typical checkout page, highlighting the ability to maintain a consistent UX even when using content served by Spreedly. As you begin the process of reassessing your PCI compliance in 2015, please review our iFrame payment form documentation and integrate it into your systems to lessen your PCI burden.