- No pages viewed yet
As of January 1st, 2018, PCI DSS v3.2.1 is mandatory for all e-commerce merchants and defines some new and stringent requirements for the handling of sensitive cardholder data in your online shop. Following this standard, a merchant's web site(s) is not allowed to itself handle sensitive credit card specific data.
For merchants, any efforts to become compliant with the new standard PCI DSS v3.2.1 and the corresponding Self-Assessment Questionnaire SAQ A-EP applicable for Wirecard Checkout Seamless, which might be required by your acquirer, will be rather costly and time-consuming.
In this respect, Wirecard, as PCI DSS certified third-party payment processor, has developed the “PCI DSS SAQ A Compliance” feature for merchants who use Wirecard Checkout Seamless but are not themselves PCI-certified according to PCI DSS v3.2.1 based on SAQ A-EP.
In other words, as a merchant or integrator you may decide whether you integrate Wirecard Checkout Seamless without the “PCI DSS SAQ A Compliance” feature requiring PCI DSS v3.2.1 certification and compliance with SAQ A-EP, or with the “PCI DSS SAQ A Compliance” feature which was developed especially for Wirecard Checkout Seamless and ensures compliance with PCI DSS v3.2.1 and is based on the less stringent SAQ A.
Please note that when using “PCI DSS SAQ A Compliance” you will of course still be able to enjoy all features and benefits of Wirecard Checkout Seamless without any restrictions.
Once your consumer has entered the financial data into the web form within the iframe, without noticing that it is actually hosted by Wirecard, he is redirected to your online shop. The whole process is designed seamlessly and allows for customization of the relevant iframe input fields via CSS.
When initializing the Wirecard data storage for the feature “PCI DSS SAQ A Compliance” the following request parameter, which is optional for conventional Wirecard Checkout Seamless, becomes required to allow activation of the “PCI DSS SAQ A Compliance” feature:
|Parameter||Data type||Short description|
The following request parameters are optional parameters used to display or hide credit card related input fields for payment methods credit card, credit card - mail order and telephone order as well as for Maestro SecureCode:
|Parameter||Data type||Short description|
|iframeCssUrl||URL||URL to a CSS file on your server to perform customizations of the iframe input fields.|
|creditcardPanPlaceholder||Alphanumeric with a variable length of 32.||Placeholder text for the credit card number field.|
|creditcardCvcPlaceholder||Alphanumeric with a variable length of 32.||Placeholder text for the credit card verification number field.|
|creditcardCardholderNamePlaceholder||Alphanumeric with a variable length of 32.||Placeholder text for the credit card holder field.|
|creditcardIssueNumberPlaceholder||Alphanumeric with a variable length of 32.||Placeholder text for the credit card issue number.|
|creditcardShowExpirationDatePlaceholder||Boolean||Display placeholder text for the credit card expiration date.|
|creditcardShowIssueDatePlaceholder||Boolean||Display placeholder text for the credit card issue date.|
|creditcardShowCardholderNameField||Boolean||Display field containing card holder name.|
|creditcardShowCvcField||Boolean||Display CVC field.|
|creditcardShowIssueDateField||Boolean||Display field containing the card issue date.|
|creditcardShowIssueNumberField||Boolean||Display field containing the card issue number.|
As regards the storing of payment data in the Wirecard data storage when using “PCI DSS SAQ A Compliance”, the credit card specific input fields are displayed in an iframe which is hosted by Wirecard. In order to show this iframe, the Wirecard data storage provides a specific function which is used to load the iframe into a certain section of your HTML page:
For Credit Card
For Credit Card - Mail Order and Telephone Order
For Maestro SecureCode
The following 3 parameters may be set within the
| buildIframeCreditCard |
|Parameter 1||ID of HTML element into which the iframe will be loaded.|
|Parameter 2||Defines iframe width.|
|Parameter 3||Defines iframe height.|
In order to immediately verify the correctness of entered credit card data and to proceed to the next step of the payment process, use for
Credit Card - Mail Order and Telephone Order
null is used as first parameter while
However, this function is optional since credit card specific data are already stored during input when the consumer changes from one field to another while entering the payment data.
Please note that a result is only returned, if the consumer's browser supports postMessages. Otherwise, the returned value is
null and a
readDataStorage operation may be performed to verify the correctness of the payment data.
Browser minimum versions that support postMessage are Internet Explorer v8.0, Mozilla Firefox v3.0, Google Chrome v1.0, Safari v4.0, Opera 9.5; older Android versions, e.g. v 2.3, might not support postMessage.
Wirecard ensures a seamless integration of “PCI DSS SAQ A Compliance” and the possibility to customize the iframe input fields according to your needs by using the parameter
iframeCssUrl (URL to a CSS file on your server to perform customizations of the iframe input fields).
To ensure that all elements within the checkout page are hosted by Wirecard systems and in order to provide for SAQ A compliance, this CSS file is received via your given URL in the request parameter
iframeCssUrl from your server to the Wirecard CEE server. After successful validation by Wirecard, the CSS file is subsequently loaded by Wirecard (during each data storage init), parsed and delivered as inline CSS file within the iframe, i.e. the CSS file is not loaded from your server during presentation in the browser of your consumer.
Our system uses a URL-based caching mechanism for this
iframeCssUrl. If you wish to disable this mechanism, please append the current timestamp as GET parameter, e.g.