[ChrisMarshallNY]

My password manager uses manual autofill. I'm not sure it even has auto autofill.

Thanks to AJAX, sites can get text entry immediately.

I remember a guy telling me about a store site he went to, and started to fill out the credit card form, but never completed the purchase. He never hit "BUY."

They charged his card anyway.

[seattle_spring]

Chase Ultimate Rewards travel portal did this at some point in the past. I got to the checkout stage for a hotel booking, never booked, but it still deducted the points from my account. I had to call Chase CS to get them deposited back.

This was 5+ years ago, I assume it's been since changed for the better.

[dylan604]

wait, what? that's super duper shady as shit. the darkest of dark patterns, and probably violates something more than my feelings. there's been many a times i've gotten all the way to the review and just before hitting confirm/submit/buy/purchase/complete/etc, i've backed out because I had forgotten something or decided to check another site just to be sure. luckily, nothing like this has ever happened to me.

[MajorBee]

They could very well store your card information even if they don't fraudulently charge you outright. They could even legitimize this action under the guise of server-side credit card number validation.

[dylan604]

That's different than charging though. A lot different. There's no real way of knowing what goes on under the hood when putting your info into a web/app form like this, but if I was charged for something without pressing the actual buy button then "Houston, we have a problem".

[MajorBee]

True, that would certainly be not as worse and downright illegal as charging. It still seems very slimy, though -- why are you storing my CC details when I never actually made a purchase on your site?