Reply to post: Re: iFrame

Customers reporting credit card fraud after using OnePlus webstore

Anonymous Coward

Re: iFrame

Agreed - iFrame setups can look a lot like an attack themselves.

HTTPS should mean your details are safe while in transit. Which implies that OnePlus' servers may have been compromised, allowing the form input data to be copied in that small window when it has been received and is about to be sent on via the back end. In other words it's a fairly classic man in the middle attack, but without the hassle of having to put the man there in the first place.

The implicit suggestion that the iFrame method is superior stems from the idea that whoever hosts the iFrame (be it a bank or a payment processing intermediary) will have done a better job of securing their systems, rather than purely technical reasons. Like you say, at some point you've got to trust someone.
