This is the example HTML taken directly from the BrainTree "Drop-in Payment UI".

They says that "it is eligible for SAQ A since Braintree hosts the form that captures customer payment information".

But an evil "hacker" has just changed the <script> tag to use a different URL, nothing more.

As this is insecure, you MUST test with one of these cards (I don't want any of your personal data):

• Visa: 4111111111111111
• Visa: 4005519200000004
• Mastercard: 5555555555554444