Third Party Domains
BA's payment page still loads content from seven external domains.
They are not alone in that.
The current trend to use multiple layers of frameworks that are loaded from 3rd parties for even the simplest operation is a huge hole the size of the Grand Canyon.
The event at BA is just the tip of the iceberg. If I was running a business that took payments online, I'd be taking a really good look at how that was working and what 3rd parties were involved.
Oh, and their cost cutting and sending all their IT to India naturally won't have anything to do with it...