What type of merchant utilizes an IFRAME to display a PCI DSS-compliant service provider's payment page?

An online merchant typically utilizes an IFRAME to integrate with a PCI DSS-compliant service provider's payment page. This approach allows the merchant to securely collect payment information without handling sensitive card data directly, thereby simplifying compliance with PCI DSS requirements. By embedding the payment page through an IFRAME, the merchant can offer a seamless checkout experience while ensuring that the sensitive payment data is processed by the compliant payment service provider. This is particularly advantageous for reducing the scope of PCI DSS compliance, as the merchant does not store, process, or transmit cardholder data on their systems.

In contrast, retail and brick-and-mortar merchants primarily operate in physical locations and often rely on point-of-sale terminals for transactions, rather than online payment solutions. Mobile application merchants may also interact with payment solutions differently, often developing their own payment functionalities instead of embedding third-party services through IFRAMEs like online merchants do. Thus, the integral role that IFRAMEs play in facilitating online payments makes the online merchant the correct choice in this context.