I need to create payment forms for a few websites (which aren't mine), but I am building the payment form itself that is called via an iframe. Essentially I'm a 3rd party who will be generating payment forms for other sites to use.
Assuming the page hosting the iframe is SSL and the content of the iframe is retrieved using SSL, are there any security concerns I should be aware of?
The only related post I found only gave the answer "the user can't verify SSL was used." It didn't explicitly state whether or not stuff like clickjacking or any other sort of malicious attacks could come into play.
What about if the the website hosting the iframe is http and not https? Is the biggest concern someone changing the iframe location?
Thank you
