Based on a tip at Pete Freitag’s blog, we have increased the security of our credit card forms.
Always, always set autocomplete=”off” in the input tag. For example:
<input type="text" name="cc" autocomplete="off" />
This feature will prevent many browsers from automatically completing the credit card fields and storing the numbers in plain text on the user’s hard drive. It reportedly works well in Internet Explorer and Mozilla browsers; however, it is not standard XHTML so it will not validate. Still, it is a fair trade-off for a more secure application, client-side.