The purpose of the Payment iFrame, available through Bluefin’s PayConex® Platform­, is to allow a merchant to embed an iFrame in their checkout page that will encrypt user entered payment data and return an “eToken” to the customer. The eToken can use the iFrame for processing payments through Bluefin’s API.

The Payment iFrame and the accompanying client library allow the merchant to perform card data encryption in a PCI compliant manner while also affording them greater programmatic control over the look and feel of the embedded input form.

Reduced PCI Scope

The Payment iFrame reduces the PCI scope for merchants by enabling them to outsource the capture of sensitive credit and debit card data to Bluefin. We control the capture of the data, send it to our server for encryption and release an encrypted token (eToken) to the merchant which they can use with Bluefin’s API for further payment processing (SALE, AUTH, STORE). With our solution the merchant never handles card data directly; instead they deal with eTokens and a number of JavaScript APIs.

When properly implemented, Bluefin’s iFrame and our Tokenization technology can take the Ecommerce operations of a merchant from SAQ D’s 326 security questions down to SAQ A’s 14 questions.

Payment iFrame Flow

Payment iFrame Flow