Offer to save the CVV code. A web browser is not subject to PCI controls: it can save those codes on behalf of the user and automatically input them into forms. Browsers don't handle "cardholder data" per the PCI spec: they merely handle user-provide...
