Why some payment methods allow being embedded in an iframe and some don’t?

Let’s take some examples:

PayPal, Apple Pay (examples via Saferpay) – will not load in an iFrame
Visa Checkout, Stripe (example), Saferpay (link above) – credit card data can be input in an iFrame

Is there any technical/security reason …

Verification of certificate trustworthiness (e.g. in JWS and Client Certificate)

I am comparing implementation complexity of JWS and Client Certificate and troubleshooting Client Certificate at the same time.
I understand that both methods require proving that the certificate (x5c in JWS or the actual Client Certifica…

What are disadvantages of a reverse OTP flow, where OTP is visible on a website and is retyped on authenticated mobile client?

I want to authenticate a user on a 3rd party website (this is more or less an OAuth flow, so this website will be able to perform actions on behalf of my user afterwards, e.g. receive some of her data). My user is already authenticated in …