diff --git a/checkout-v3/get-started/display-payment-ui/seamless-view.md b/checkout-v3/get-started/display-payment-ui/seamless-view.md index 7f2514074c..7940d817e9 100644 --- a/checkout-v3/get-started/display-payment-ui/seamless-view.md +++ b/checkout-v3/get-started/display-payment-ui/seamless-view.md @@ -104,16 +104,16 @@ Once the payer has completed the purchase, you can perform a GET towards the ## Monitoring The Script URL -With the [PCI-DSS v4][pci] changes taking effect on March 31st 2025, merchants -are responsible for ensuring the integrity of the HTML script used in their -integration, including monitoring what is loaded into or over it. Specifically, -Seamless View merchants must verify that the script URL embedded in their iframe -originates from Swedbank Pay or another trusted domain. It is important to note -that Swedbank Pay’s PCI responsibility is strictly limited to the content within -the payment iframe. For further details, refer to section 4.6.3 in the linked -document. - -To ensure compliance, we recommend implementing [Content Security Policy][csp] +With the [PCI-DSS v4][pci]{:target="_blank"} changes taking effect on March 31st +2025, merchants are responsible for ensuring the integrity of the HTML script +used in their integration, including monitoring what is loaded into or over it. +Specifically, Seamless View merchants must verify that the script URL embedded +in their iframe originates from Swedbank Pay or another trusted domain. It is +important to note that Swedbank Pay’s PCI responsibility is strictly limited to +the content within the payment iframe. For further details, refer to section +4.6.3 in the linked document. + +To ensure compliance, we recommend implementing [Content Security Policy][csp]{:target="_blank"} rules to monitor and authorize scripts. Merchants must whitelist the following domains to restrict browser content diff --git a/checkout-v3/get-started/display-payment-ui/ui-migration.md b/checkout-v3/get-started/display-payment-ui/ui-migration.md index 44890721ab..f6720af256 100644 --- a/checkout-v3/get-started/display-payment-ui/ui-migration.md +++ b/checkout-v3/get-started/display-payment-ui/ui-migration.md @@ -7,11 +7,11 @@ menu_order: 7 --- As parts of the PCI-DSS best practice becomes requirements with -[PCI-DSS v4][pci] coming in April 2025, using the [Seamless View][seamless-view] -integration to display the payment UI will give merchants more responsibilities -than they currently have. This is because Seamless View is hosted by you. As the -[Redirect][redirect] integration is hosted by Swedbank Pay, we also handle these -responsibilities. +[PCI-DSS v4][pci]{:target="_blank"} coming in April 2025, using the +[Seamless View][seamless-view] integration to display the payment UI will give +merchants more responsibilities than they currently have. This is because +Seamless View is hosted by you. As the [Redirect][redirect] integration is +hosted by Swedbank Pay, we also handle these responsibilities. The updated requirements will include stricter controls and monitoring, particularly around the security of your checkout process. Merchants are @@ -117,7 +117,7 @@ included regardless of your UI choice. If you choose to stay with Seamless View, please take the following under advisement. -To ensure compliance, we recommend implementing [Content Security Policy][csp] +To ensure compliance, we recommend implementing [Content Security Policy][csp]{:target="_blank"} rules to monitor and authorize scripts. Merchants must whitelist the following domains to restrict browser content diff --git a/checkout-v3/modules-sdks/index.md b/checkout-v3/modules-sdks/index.md index 51b382e572..4e4c1f6b68 100644 --- a/checkout-v3/modules-sdks/index.md +++ b/checkout-v3/modules-sdks/index.md @@ -16,9 +16,9 @@ packaging that handles a lot of the logic towards our REST API, so you don't have to. **Modules, extensions and plugins** are typically used as a way to extend -webshop platforms such as [WooCommerce][woocommerce]{:data-proofer-ignore=''} -with functionality that isn't provided in the core platform. Such functionality -may be to allow visitors of your website to pay with a payment provider such as +webshop platforms such as [WooCommerce][woocommerce]{:target="_blank"} with +functionality that isn't provided in the core platform. Such functionality may +be to allow visitors of your website to pay with a payment provider such as Swedbank Pay. **Software Development Kits** allow developers to integrate with Swedbank Pay's diff --git a/old-implementations/checkout-v2/checkin.md b/old-implementations/checkout-v2/checkin.md index af9d8608e1..ecaf7d8d57 100644 --- a/old-implementations/checkout-v2/checkin.md +++ b/old-implementations/checkout-v2/checkin.md @@ -195,16 +195,16 @@ access them with our script." %} ## Monitoring The Script URL -With the [PCI-DSS v4][pci] changes taking effect on March 31st 2025, merchants -are responsible for ensuring the integrity of the HTML script used in their -integration, including monitoring what is loaded into or over it. Specifically, -Seamless View merchants must verify that the script URL embedded in their iframe -originates from Swedbank Pay or another trusted domain. It is important to note -that Swedbank Pay’s PCI responsibility is strictly limited to the content within -the payment iframe. For further details, refer to section 4.6.3 in the linked -document. - -To ensure compliance, we recommend implementing [Content Security Policy][csp] +With the [PCI-DSS v4][pci]{:target="_blank"} changes taking effect on March 31st +2025, merchants are responsible for ensuring the integrity of the HTML script +used in their integration, including monitoring what is loaded into or over it. +Specifically, Seamless View merchants must verify that the script URL embedded +in their iframe originates from Swedbank Pay or another trusted domain. It is +important to note that Swedbank Pay’s PCI responsibility is strictly limited to +the content within the payment iframe. For further details, refer to section +4.6.3 in the linked document. + +To ensure compliance, we recommend implementing [Content Security Policy][csp]{:target="_blank"} rules to monitor and authorize scripts. Merchants must whitelist the following domains to restrict browser content diff --git a/old-implementations/checkout-v2/payment-menu.md b/old-implementations/checkout-v2/payment-menu.md index 5bc7bedb9e..8a8ad693fd 100644 --- a/old-implementations/checkout-v2/payment-menu.md +++ b/old-implementations/checkout-v2/payment-menu.md @@ -175,16 +175,16 @@ request.send(JSON.stringify({ ## Monitoring The Script URL -With the [PCI-DSS v4][pci] changes taking effect on March 31st 2025, merchants -are responsible for ensuring the integrity of the HTML script used in their -integration, including monitoring what is loaded into or over it. Specifically, -Seamless View merchants must verify that the script URL embedded in their iframe -originates from Swedbank Pay or another trusted domain. It is important to note -that Swedbank Pay’s PCI responsibility is strictly limited to the content within -the payment iframe. For further details, refer to section 4.6.3 in the linked -document. - -To ensure compliance, we recommend implementing [Content Security Policy][csp] +With the [PCI-DSS v4][pci]{:target="_blank"} changes taking effect on March 31st +2025, merchants are responsible for ensuring the integrity of the HTML script +used in their integration, including monitoring what is loaded into or over it. +Specifically, Seamless View merchants must verify that the script URL embedded +in their iframe originates from Swedbank Pay or another trusted domain. It is +important to note that Swedbank Pay’s PCI responsibility is strictly limited to +the content within the payment iframe. For further details, refer to section +4.6.3 in the linked document. + +To ensure compliance, we recommend implementing [Content Security Policy][csp]{:target="_blank"} rules to monitor and authorize scripts. Merchants must whitelist the following domains to restrict browser content diff --git a/old-implementations/checkout-v2/ui-migration.md b/old-implementations/checkout-v2/ui-migration.md index 698f735c41..6776636b92 100644 --- a/old-implementations/checkout-v2/ui-migration.md +++ b/old-implementations/checkout-v2/ui-migration.md @@ -7,11 +7,11 @@ menu_order: 11 --- As parts of the PCI-DSS best practice becomes requirements with -[PCI-DSS v4][pci] coming in April 2025, using the [Seamless View][seamless-view] -integration to display the payment UI will give merchants more responsibilities -than they currently have. This is because Seamless View is hosted by you. As the -Redirect integration is hosted by Swedbank Pay, we also handle these -responsibilities. +[PCI-DSS v4][pci]{:target="_blank"} coming in April 2025, using the +[Seamless View][seamless-view] integration to display the payment UI will give +merchants more responsibilities than they currently have. This is because +Seamless View is hosted by you. As the Redirect integration is hosted by +Swedbank Pay, we also handle these responsibilities. The updated requirements will include stricter controls and monitoring, particularly around the security of your checkout process. Merchants are @@ -46,7 +46,7 @@ help you. If you choose to stay with Seamless View, please take the following under advisement. -To ensure compliance, we recommend implementing [Content Security Policy][csp] +To ensure compliance, we recommend implementing [Content Security Policy][csp]{:target="_blank"} rules to monitor and authorize scripts. Merchants must whitelist the following domains to restrict browser content diff --git a/old-implementations/payment-instruments-v1/card/seamless-view.md b/old-implementations/payment-instruments-v1/card/seamless-view.md index 559282d5b5..9f66b86fa9 100644 --- a/old-implementations/payment-instruments-v1/card/seamless-view.md +++ b/old-implementations/payment-instruments-v1/card/seamless-view.md @@ -110,16 +110,16 @@ embedded on your website. ## Monitoring The Script URL -With the [PCI-DSS v4][pci] changes taking effect on March 31st 2025, merchants -are responsible for ensuring the integrity of the HTML script used in their -integration, including monitoring what is loaded into or over it. Specifically, -Seamless View merchants must verify that the script URL embedded in their iframe -originates from Swedbank Pay or another trusted domain. It is important to note -that Swedbank Pay’s PCI responsibility is strictly limited to the content within -the payment iframe. For further details, refer to section 4.6.3 in the linked -document. - -To ensure compliance, we recommend implementing [Content Security Policy][csp] +With the [PCI-DSS v4][pci]{:target="_blank"} changes taking effect on March 31st +2025, merchants are responsible for ensuring the integrity of the HTML script +used in their integration, including monitoring what is loaded into or over it. +Specifically, Seamless View merchants must verify that the script URL embedded +in their iframe originates from Swedbank Pay or another trusted domain. It is +important to note that Swedbank Pay’s PCI responsibility is strictly limited to +the content within the payment iframe. For further details, refer to section +4.6.3 in the linked document. + +To ensure compliance, we recommend implementing [Content Security Policy][csp]{:target="_blank"} rules to monitor and authorize scripts. Merchants must whitelist the following domains to restrict browser content diff --git a/old-implementations/payment-instruments-v1/card/ui-migration.md b/old-implementations/payment-instruments-v1/card/ui-migration.md index e70ae9ca45..1568c12467 100644 --- a/old-implementations/payment-instruments-v1/card/ui-migration.md +++ b/old-implementations/payment-instruments-v1/card/ui-migration.md @@ -7,11 +7,11 @@ menu_order: 600 --- As parts of the PCI-DSS best practice becomes requirements with -[PCI-DSS v4][pci] coming in April 2025, using the [Seamless View][seamless-view] -integration to display the payment UI will give merchants more responsibilities -than they currently have. This is because Seamless View is hosted by you. As the -[Redirect][redirect] integration is hosted by Swedbank Pay, we also handle these -responsibilities. +[PCI-DSS v4][pci]{:target="_blank"} coming in April 2025, using the +[Seamless View][seamless-view] integration to display the payment UI will give +merchants more responsibilities than they currently have. This is because +Seamless View is hosted by you. As the [Redirect][redirect] integration is +hosted by Swedbank Pay, we also handle these responsibilities. The updated requirements will include stricter controls and monitoring, particularly around the security of your checkout process. Merchants are @@ -117,7 +117,7 @@ included regardless of your UI choice. If you choose to stay with Seamless View, please take the following under advisement. -To ensure compliance, we recommend implementing [Content Security Policy][csp] +To ensure compliance, we recommend implementing [Content Security Policy][csp]{:target="_blank"} rules to monitor and authorize scripts. Merchants must whitelist the following domains to restrict browser content diff --git a/old-implementations/payment-menu-v2/payment-order.md b/old-implementations/payment-menu-v2/payment-order.md index b0415339cd..8219c38d0e 100644 --- a/old-implementations/payment-menu-v2/payment-order.md +++ b/old-implementations/payment-menu-v2/payment-order.md @@ -149,16 +149,16 @@ request.send(JSON.stringify({ amount: 1200 })); ## Monitoring The Script URL -With the [PCI-DSS v4][pci] changes taking effect on March 31st 2025, merchants -are responsible for ensuring the integrity of the HTML script used in their -integration, including monitoring what is loaded into or over it. Specifically, -Seamless View merchants must verify that the script URL embedded in their iframe -originates from Swedbank Pay or another trusted domain. It is important to note -that Swedbank Pay’s PCI responsibility is strictly limited to the content within -the payment iframe. For further details, refer to section 4.6.3 in the linked -document. - -To ensure compliance, we recommend implementing [Content Security Policy][csp] +With the [PCI-DSS v4][pci]{:target="_blank"} changes taking effect on March 31st +2025, merchants are responsible for ensuring the integrity of the HTML script +used in their integration, including monitoring what is loaded into or over it. +Specifically, Seamless View merchants must verify that the script URL embedded +in their iframe originates from Swedbank Pay or another trusted domain. It is +important to note that Swedbank Pay’s PCI responsibility is strictly limited to +the content within the payment iframe. For further details, refer to section +4.6.3 in the linked document. + +To ensure compliance, we recommend implementing [Content Security Policy][csp]{:target="_blank"} rules to monitor and authorize scripts. Merchants must whitelist the following domains to restrict browser content diff --git a/old-implementations/payment-menu-v2/ui-migration.md b/old-implementations/payment-menu-v2/ui-migration.md index fa137e4820..cff1a37d06 100644 --- a/old-implementations/payment-menu-v2/ui-migration.md +++ b/old-implementations/payment-menu-v2/ui-migration.md @@ -7,11 +7,11 @@ menu_order: 11 --- As parts of the PCI-DSS best practice becomes requirements with -[PCI-DSS v4][pci] coming in April 2025, using the [Seamless View][seamless-view] -integration to display the payment UI will give merchants more responsibilities -than they currently have. This is because Seamless View is hosted by you. As the -Redirect integration is hosted by Swedbank Pay, we also handle these -responsibilities. +[PCI-DSS v4][pci]{:target="_blank"} coming in April 2025, using the +[Seamless View][seamless-view] integration to display the payment UI will give +merchants more responsibilities than they currently have. This is because +Seamless View is hosted by you. As the Redirect integration is hosted by +Swedbank Pay, we also handle these responsibilities. The updated requirements will include stricter controls and monitoring, particularly around the security of your checkout process. Merchants are @@ -122,7 +122,7 @@ included regardless of your UI choice. If you choose to stay with Seamless View, please take the following under advisement. -To ensure compliance, we recommend implementing [Content Security Policy][csp] +To ensure compliance, we recommend implementing [Content Security Policy][csp]{:target="_blank"} rules to monitor and authorize scripts. Merchants must whitelist the following domains to restrict browser content