cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Improve saved payment methods

squarooticus
Making moves

Offer to save the CVV code. A web browser is not subject to PCI controls: it can save those codes on behalf of the user and automatically input them into forms. Browsers don't handle "cardholder data" per the PCI spec: they merely handle user-provided data and do things on behalf of the user. Consider them an untrusted part of the payment ecosystem, like a pen or human memory.

But also stop entering form data without a click by the user. Having my half-entered information erased because my mouse cursor happens to be in the wrong place when Firefox discovers it's a payment form is INCREDIBLY ANNOYING.

0 REPLIES 0