Web-based payment applications that allow a cardholder to enter payment card information to complete an online checkout process are commonly referred to as a payment page. When these payment pages are outsourced, or hosted, a merchant is then relying on a third-party service provider to securely manage the application, accept the cardholder data, and authorize the transaction.
For example, when the cardholder is ready to checkout when making an online purchase, he or she is redirected from the merchant’s own web site and handed off to a service provider’s payment page. The cardholder then enters his or her payment card information directly into the service provider’s page. Once the service provider authorizes the transaction, the cardholder is sent back to the merchant’s web site to receive any final information or to continue shopping. In many cases, this process often is seamless to the cardholder.
Per that scenario, the merchant’s web application is no longer transmitting, storing, or processing cardholder data since the cardholder provides that information directly to the service provider via the payment page.