Can a parent domain capture input from a foreign iframe?

My team helps manage several ecommerce stores. We've always used Recurly for billing.

I noticed that they implement a strange security method: each form input is enclosed in an iframe on Recurly's domain. In each iframe, there is a unique token. When a user submits the final order form, all the information is grouped back together on the backend.

Naturally, I've been trying to think of ways to break this, to better secure our clients. At first, I thought it would be trivial to circumvent, but I am stumped.

Is there any way someone with code-execution on our clients' servers, can capture the payment data, through the iframes?

Solution

Well if you have access to the server, you could setup a proxy server and conduct a man in the middle attack to get the data. G

Chunk downloading of the big files right to the hard drive
My custom CSS transition animation is not working on hover after I added AOS JS library
how to get the Google analytics client ID
Toggle vue-multiselect close/open on button click
Best way to filter an objects's properties for data
Passing function with arguments as a prop and invoking it internally in React
Outlook calendar don't render with FullCalendar
Is there a way to validate and allow only https url's using .isUri i.e. without using Regex in JavaScript?
How to clear react native webview cookies?
Skipping a test in Cypress conditionally
How can I get all the HTML in a document or node containing shadowRoot elements
Typescript: No index signature with a parameter of type 'string' was found on type '{ "A": string; }
Retain Twitter Bootstrap Collapse state on Page refresh/Navigation
How to get "Results per Row" (from a 'clicked entry' off a "dropdown menu") to show up correctly?
Is there is a C# function which is similar to .Map() in JavaScript?
How to trigger SVG render same as manual DOM edit in Chrome using JS?
How do I test a Node.JS Script that is not a module and runs as soon as it's called?
Set element width based on a string that is not in the element
Testing JavaScript Written for the Browser in Node JS
Where are the trailing commas coming from in these radio buttons?
How to verify a signature from the Phantom wallet?
How to get the value of a Google Chrome flag using Javascript
event.preventDefault cannot block clipboard paste in chatgpt.com prompt box
Should I use ref or findDOMNode to get react root dom node of an element?
Disable button for 5 seconds with different label and change after it
JavaScript - Get all but last item in array
React-Redux: Should all component states be kept in Redux Store
Is it possible to use Closure Compiler ADVANCED_OPTIMIZATIONS with jQuery?
Capture selected option returns not defined instead
Uncaught TypeError: matchExpr[type].exec is not a function