Og så alligevel : check dette cut fra dokuen fra WF:
Payment window is a quick start solution where you don’t have to make lots of adjustments.
Start by setting up a simple postform, and then look at what arguments you can send to the payment window. The window will be able to display your shop logo, total price and order number. You can either choose to open the window in the same window as the shop, or make it open as a popup. The downside about the payment window is that you can't change the design to fit your shop.
Secure SSL proxy is a very different and more time-consuming way to integrate online payment into your shop. The big difference from the payment window is that you are now able to design the layout of your payment page. Please read section 2.1 for more information.
Postform API can only be used by shops that have performed an SAQ, and uploaded quarterly security scans to PBS's security portal. Please be aware that this SAQ only concern API methods that include creditcard information. Section 4.3 and 4.6.
Og beskrivelsen af Secure SSL:
2. Hosted secure SSL proxy
2.1 How Secure SSL proxy worksThe payment form has to be displayed through SSL ( HTTPS ). We provide an SSL-Proxy within the paymentgateway product, in case the shop doesn't have its own SSL certificate. Remember that sessions created when the customer is connected to your shop through HTTP, will be lost when data is submitted to the https proxy. To allow a specific domain through the SSL-Proxy, it first has to be allowed in the access list. The access list is located in the paymentgateway webinterface under “Indstillinger / Settings” Relaying the payment form through SSL is done by pasting the payment form URL in front of the SSL-Proxy URL. Example:
SSL-Proxy URL:
https://betaling.wannafind.dk/secureproxy/proxy.php/Webshop URL:
http://www.webshop.dk/payform.htmlRelay URL:
https://betaling.wannafind.dk/securepro ... yform.htmlSå udfra dokuen er Secure SSL proxy OK og kræver ikke SAQ som API løsningen.Secure SSL proxy er dog i denne forbindelse blevet opdateret :
Stripping tags The big difference between this proxy and the old one is that this proxy will strip tags which can be used to manipulate creditcard data. The following tags and code in between will be stripped from the code that parses through the proxy:
<script>
<object>
<embed>
<applet>
<noframes>
<input>
<select>
<textarea>
<form>
<checkbox>
<frameset>
<iframe>
....
Og derved er sikkerhedsrisikoen ved en Secure SSL løsning fjernet og vil kunne benyttes fremover til PBS's tilfredsstillelse.