I'd like some more information about the security of transactions taking place with the Authorize.net Gravity Forms plugin. I have my forms secured with a basic SSL certificate, but I'm not sure that's enough.
When a purchaser enters credit card info into my form, are those credit card fields housed in an iframe and actually on an authorize.net server or are the fields actually residing in my form, on my web server?
My (limited) understanding is that if the fields are housed within my form, on my web server, then an SSL cert isn't actually very secure.
I'm finding few if any details about the security of the Authorize.net plugin. Where can I get this information?