The background description provided herein is for the purpose of generally presenting the context of the disclosure. Work of the presently named inventors, to the extent it is described in this background section, as well as aspects of the description that may not otherwise qualify as prior art at the time of filing, are neither expressly nor impliedly admitted as prior art against the present disclosure.
A content provider has an incentive to accept payments during a purchase transaction on its website. The simplest form of accepting a payment is to receive the user's card number/personal account number (PAN). Recent hacking scandals have highlighted the risk and the potential liability associated with directly handling PANs by a content provider. Related industry standard PCI DSS 3.2 provides content providers a simpler way to field data-security compliant web sites by using third party sites for card data entry. However, content providers are reluctant to turn over control to a third party for collecting account information because the content provider loses control of the customer experience.
This may be illustrated by the use of a common payment service often used in a transaction. The customer is redirected away from the content provider's site to an entirely different website and after completing the entry of the payment data, the customer is redirected back to the content provider site. The content provider has no control over the look and feel of the payment service destination site highlighting to the user the discontinuity in the transaction. Further if an error occurs in either of the redirections or if payment data entry is unconfirmed, the customer is unable to determine where in the process the error occurred or even if the payment was completed.