The credit card information was not masked as it was entered.
I have not checked the PCI DSS to see what is required for a web payment form but I would suggest to at least mask the CVV.
1
vote
Justinn Washington
shared this idea