As the number of scams and malware threats increase on Facebook and Twitter, it can be hard to keep track of what’s legitimate and what’s not anymore in a way that is in plain-English for non-techies, who are arguably the ones who need this information the most.
In short – you can’t. Or at least not if you want to be PCI compliant. In order to pass a user’s personal information through a secure encrypted channel, you will need to collect that data on an IFRAME application page. No two ways about it. Here’s why: