Posted: November 26, 2018 at 8:32 am
We need a payment gateway that uses a embedded credit card form and not a pop up like in Stripe.
I was previously informed that Braintree uses a form and a pop up for Paypal.
There are a number of payment gateway addons, can you tell me which use an embedded form, no pop ups and easy to use?
It depends on what you mean by embedded form, specifically if you want all of the fields to be hosted on your own site or do you just want a payment method that doesn’t use a popup but is still technically offsite, like Stripe is?
To ask another way, what level of PCI compliance would you like to undertake?
SAQ A/SAQ A-EP (least strict but uses offsite payment providers, such as Stripe) vs SAQ D (strict requirements but can use all onsite fields).
Braintree and Authorize.net Accept are the only payment methods that ’embed’ the form into the page whilst allowing you to use SAQ A/SAQ A-EP, either of those payment methods are the ‘easiest’ to use and setup if you don’t want a popup with minimal compliance required.
Stripe would be the simplest to setup/use but does use a ‘popup’.
All of the other ‘onsite’ payment method host the payment fields on your site (meaning SAQ-D).
Any true ‘on-site’ payment method, so:
Basically, any payment method that displays the form on your own site without the use of iframes or external sources for the fields themselves, is SAQ-D.
Offsite payment methods where the user is redirected to the payment processor and they handle all the payment forms etc as SAQ-A and possible SAQ-AEP depending on the integration, PayPal Express is an example of this but any payment method we’ve set as ‘offsite’ will direct you to their site for payment and should be SAQ-A but its best to check with them.
The trickier ones can be integrations like Stripe, Stripe is an OFFSITE payment method, all of the card details are handled by Stripe themselves in their checkout form (basically an iframe) so the user doens’t ‘leave’ your site, but also doesn’t input card dtails directly within your site. (Stripe states is SAQ-A).
Then you have payment methods like Braintree and Auth.net Accept which load the iframe within the page and it can look like the forms are directly from your site, but they are not, they are still offsite just look a little different to appear onsite by loading the form in an iframe and passing the details directly to them.