iFrames (PCI-compliant)
An iFrame makes embedding payment functionality into websites convenient and straightforward. Through secure handling of payment information, iFrames ensure PCI compliance. Card details that a customer enters go directly into the iFrame. Cross River sends merchants a token that represents those details. Then, merchants can use that token to request a card-based transaction.
IMPORTANT In Cross River's Card Payments API, iFrames are compliant with the PCI DSS standard. PCI-compliant iFrames lower the cost of PCI compliance by merchants. That's because credentials are already saved onto a Cross River server. This means those credentials don’t have to be stored by CR partners.
As a Cross River merchant partner, use iFrames:
- If you are not PCI-compliant
- For quick and easy payment form customization
- For another way to reach your customers, in parallel with your existing online registration.
- Host an iFrame on your website.
- The cardholder—the customer—enters their card details directly into the iFrame. You don't store, process, or send the customer's card data on your own form or server.
- CR processes customer-sensitive information and returns a token representing those details. CR does this through a process called tokenization.
- A webhook sends you a card token.
- Use the card token to make a payment request.
See the API to set up an iFrame on your site.
When you enable an iFrame, a cardholder signs up their card to your website. As a result, card details are entered instantly to your system for secure processing.
Every time a cardholder enables an iFrame session, CR assigns a one-time code for that session. Then, the code becomes associated with the payee's card.
When the cardholder's browser encounters an iFrame element, it creates a new HTML document environment. The content that the iFrame contains gets loaded into that document.
- iFrames integrate smoothly with your existing site.
- iFrames are an open technology that all major web browsers support.
- With the CR iFrame Generator:
- Once you create an iFrame template, you always control the look and feel.
- You never have to touch the code!
Do the configuration steps (described in Generating an iFrame, below). Then, integrate the iFrame into the look and feel of your website.
To set up an iFrame and get it working on your merchant site, use the iFrame Generator and Generate OTC signup card API .
Overview | Welcome to the iFrame Generator, your self-service interface for creating PCI-compliant iFrames. iFrame Generator provides an efficient and streamlined way to embed iFrames onto your merchant website. With iFrame Generator, creating an iFrame is a one-time action. Once you have generated an iFrame, you can immediately begin entering customer card information via your website. Of course, if you wish, you may add more iFrames in the future. |
|---|---|
Use case (high-level) | Do the following to create and embed an iFrame onto your site:
|
The procedure for generating an iFrame contains 3 main steps:
- Add a template.
- Define a style.
- Build a URL.
Add a template
- Launch the Customer Portal UI.
- In the left-side icon bar, click iFrame.
- In the iFrames window, click + Add template.
Define a style
- Assign the template a name and domain. Define registration and error paths.
- You can use the Credit card design, and Form design sections to customize your iFrame look and feel.
- Click Save template when you're done.
Build a URL
- Click Copy embedded code. A detailed pop-up tells you how to: a. Build the iFrame URL using the OTC Card Signup API. b. Insert the API-generated parameters into the iFrame source code. c. Paste the iFrame code into your merchant site HTML.
- Click OK, got it.
Now your iFrame is ready to sign up cards.
Generate an iFrame OTC signup card
Card management APIs