I was quite surprised today when I was filling out a credit card form when I clicked into the CVV form field and the correct CVV code to my card popped up in the browser auto-fill.
I would expect the browser to have blocks in place to not store the CVV code from any credit card, since all credit card regulations specifically prohibit storing CVV codes in any way.
May depend on the form, if identified as a CVC code (it shouldn’t save) or if the field just an numeric field. Which company payment form details saved your CVC details?
Also your details are saved here: brave://settings/payments
I noticed this happening to me today on GOG.com. The HTML element for the field I encountered is below. Brave autofilled it with my 3-digit code, although it’s clearly flagged as a cc-csc field. Plus, I haven’t bought anything on GOG.com on this computer before, so it must have previously saved the code on another form somewhere else. I hunted for it in settings but could not find where it was stored to delete it. (Though, FYI to anyone else encountering this issue, you can delete a saved autofill entry by clicking into the field where it appears, pressing the arrow keys to select the entry you want, and pressing Shift-Delete on Windows or Shift-Fn-Delete on Mac.)
<input id="encryptedSecurityCode" type="text" inputmode="numeric" maxlength="4" autocomplete="cc-csc" placeholder="3 digits" aria-label="Security code field" aria-invalid="true" aria-required="true" aria-describedby="ariaErrorField" class="js-iframe-input input-field" data-type="gsf" style="display: block;">
Same thing happened to me today. There are NO credit cards saved in brave://settings/payments, so I can’t delete the card and its associated CVC. ETA: wonder if the fault is with the site’s source code? It’s CVS.com so that’s BAD if so.
< label for=“securityCodeCC” class=“form-module__title”>Security Code< input name=“securityCodeCC” id=“securityCodeCC” type=“text” class=“Form-module__container” aria-label=“Security Code” aria-describedby=“error-message” maxlength=“4” value=“525” wtx-context=“C45B9290-CC85-4833-875F-7A5994E7442C” >