12-07-2025 12:06 PM
Offer to save the CVV code. A web browser is not subject to PCI controls: it can save those codes on behalf of the user and automatically input them into forms. Browsers don't handle "cardholder data" per the PCI spec: they merely handle user-provided data and do things on behalf of the user. Consider them an untrusted part of the payment ecosystem, like a pen or human memory.
But also stop entering form data without a click by the user. Having my half-entered information erased because my mouse cursor happens to be in the wrong place when Firefox discovers it's a payment form is INCREDIBLY ANNOYING.