When the new elloha payment environment went online on 13 April, the 3D Secure V2 version of the Stripe payment form was integrated.
Although this blockage did not appear during our tests with sandbox versions, we have found thatthe Stripe form for entering bank details does not work when it is called up in an Iframe (page within the page).
Example of an Iframe in a destination website :
Stripe blocks the form in an Iframe if the elloha account has the Stripe virtual TPE activated:
If your web agency has integrated the elloha booking engine into an Iframe for the detail page of your site, your customers will not be able to enter their credit card to book elloha accounts that have the Stripe virtual POS terminal activated. (OK for other Paybox/Payzen virtual payment terminals or credit card guarantee).
Everything works correctly if the booking engine is not called up in an iframe.
We are looking for a solution to this incompatibility issue, but following discussions with the Stripe teams, the only quick option to put in place at this stage is not to call the payment form in an iframe, a technique that is incompatible with their credit card entry security standards.
In practical terms, this involves your web agency deactivating the Iframe integrated into the product details page on your sites and replacing it with a Book button that launches the elloha booking engine on a new web page.
The work involved on the website is not very complex. Here is the article detailing the integration of direct links or elloha widgets:
If your web agency needs technical support from us, they can contact us at [email protected].
For our part, we are investigating the possibilities of keeping the Iframe as a possible option for integrating the BE. While some options are already under consideration, they will require a testing phase that is incompatible with a rapid resolution of the issue.
We are very sorry to have to impose this iframe-related security restriction on our partner Stripe.