As the number of scams and malware threats increase on Facebook and Twitter, it can be hard to keep track of what’s legitimate and what’s not anymore in a way that is in plain-English for non-techies, who are arguably the ones who need this information the most.
In an article posted today on the Facebook Developer Blog, Facebook announced that they would be offering users the option to switch their Facebook experience to HTTPS-only, which would force all Facebook page loads to be routed over SSL.
In short – you can’t. Or at least not if you want to be PCI compliant. In order to pass a user’s personal information through a secure encrypted channel, you will need to collect that data on an IFRAME application page. No two ways about it. Here’s why: