Summary: Companies that process online payments are enlisting the help of payment processors - like Stripe, Square, or PayPal - to help them meet stringent compliance standards like PCI DSS. But are they opening themselves up into a security risk? tCell researchers discovered that hackers can use Cross Site Scripting (XSS) to steal payment information. Any web application component (like a chat window) can become a possible attack vector, but very few will have a PCI-style deep security program.
