Managing sensitive data
Online payment transactions are regulated by strict rules (PCI-DSS certification).
As a merchant, you have to make sure to never openly transcribe data that could resemble a credit card number. Your form will be rejected (code 999 - Sensitive data detected).
Special attention should be paid to order numbers containing between 13 and 16 numeric characters and beginning with 3, 4 or 5.