Best practices for Direct POST
Learn how to manage security and anti-fraud controls for Payment Pages using Direct POST, including disabling CAPTCHA and reviewing existing implementations.
Direct POST gives you more control over your end user experience. As such, you are responsible for implementing your own anti-fraud controls and preventing malicious use.
By default, all new Payment Pages require CAPTCHA. However, you need to disable CAPTCHA on any new Payment Pages created for use with Direct POST. Your page could experience unhandled errors if CAPTCHA is not disabled.
For the existing Payment Pages implemented through Direct POST, it is recommended that you review your approach for managing malicious use and anti-fraud submission controls.
To better manage security settings for Payment Pages, we strongly recommend that you create a payment page using only iFrame or only Direct POST.