3d secure is required to be in an iframe – urgent fix required
The Paypal Pro paid extension has the option to enable 3D Secure but the during checkout the authentication process does a url redirect taking the user away from the site.
This is of course is insecure and very bad UX therefore will cause most users to exit the process or at very least be confusing but the main issue is that this is not compliant with the specifications for 3DS or 3DS V2 (EMV 3-D) nor the Verified by Visa or Mastercard Secure specifications.
Apart from being non compliant this also causes issues with the Cardinel Commerce gateway meaning there are some authentifacation errors in some cases.
Given the fact that the new PSD2 regulations requiring the use of 3DS come into force from Sep 14th 2019 this effectively makes the Paypal Pro paid plugin not fit for purpose for all users in Europe and also any users world wide that implement 3D Secure.
I would suggest this is not a “feature request” or idea but an urgent requirement especially considering this is a paid plugin.
Further reading can be found in the official 3DS V2 EMV 3DS documentation here https://www.emvco.com/wp-content/uploads/documents/EMVCo_3DS_Spec_v220_122018.pdf with chapter 4 being the most relevant section to this.
Last updated: August 28, 2019