John Cartwright wrote:
What's wrong with processing payments in an iframe? As long as it's SSL encrypted, of course, that's fine.
Fine from a security perspective.
From an accessibility perspective I don't feel iframes are a great choice though and, from a merchant's perspective, since they obviously would choose this approach to provide a more "professional" checkout experience where the user doesn't seem to leave their own website, they would very likely also have to spend more time/money/effort customizing the embedded checkout page to whatever degree is facilitated by the service provider.
I didn't say that is bad or wrong, I just said make of it what you will.