Hi Sebastian,
Yes! PCI DSS 3 is only concerned with the form fields used to collect credit card data – those are embedded using PayFrame and therefore hosted by PAYMILL instead of your shop.
Thus, you should be good to go 🙂
Best,
Thomas
Hi Sebastian,
I am Thomas from PAYMILL.
We are working on a solution that will allow modifying the layout of the payment form again, though I cannot give an ETA on that at the moment.
The current problem is, that PCI DSS 3.0 regulations require the payment form to be completely hosted by a PCI DSS certified server to be SAQ A conform. This means that anything changing/modifying the payment form (even CSS) has to be provided from a certified environment.
If you use the older integration form, you will most likely fall under the scope of SAQ A-EP, which is more complex and requires a security scan every 3 months.
You can find more infos here: https://www.pcisecuritystandards.org/security_standards/documents.php?category=saqs
I hope this makes everything a bit clearer for you.
Best,
Thomas
