I have been working to implement a Hosted CIM payment page for someone. The basic idea is that some javascript runs in response to a button click that creates a popup iframe on one's page. The customer enters their payment information into the page displayed in the iframe which is hosted via HTTPS by Authorize.net themselves. The reason for this Hosted CIM technique is to allow the use of the authorize.net gateway in an environment where PCI Compliance is not possible such as the Rackspace Cloud*.
The problem, aside from a crappy SDK and bad example code, is that the page that gets displayed in the iframe looks really crappy. I'm really hoping that I can change its appearance with some CSS. Before I go creating some wacko CSS to style their page, I thought I should ask can you put CSS on your page to change the appearance of a page that appears in an iframe which is (securely) hosted on another domain? Seems to me this would present a security problem.
- I had already written code to use Authorize.net's traditional methods which was running on a dedicated machine. We wanted to move the system to their cloud for improved scalability but their tech support guys told me that the Cloud Server product is not PCI compliant. I didn't want to believe it but he insisted.
