THE CHALLENGE
Historically, web developers would create a checkout page that included credit input fields, which would in turn be submitted to their own web servers. This approach provided full control over the user experience, but made the sensitive credit card data vulnerable to malware and hacking, requiring the website to maintain a stricter level of PCI compliance.
To avoid the security issues, developers began using third-party payment forms hosted in iframes or redirecting users to a third party checkout page. While this removed them from PCI scope, the developer lost control over the user experience.
HOW IT WORKS
Cardknox iFieldsTM are code snippets that you add to your form in place of the credit card fields. You then place a JavaScript click handler on the form submission. When the submit button is clicked, the credit card data is sent directly to Cardknox, bypassing your web server, and a single-use token is returned and populated in a hidden form field. The token in the hidden form field is sent with the rest of the data to your server. Your server sends the token(s) to Cardknox in place of the sensitive card data and the transaction is completed using the token's associated credit card data.