This is the example HTML taken directly from the WorldPay "Template Form".

They recommend this method if:

• You are not PCI compliant and
• You are not willing to to fill in the SAQ A-EP form

But an evil "hacker" has just changed the <script> tag to use a different URL, nothing more.

As this is insecure, you MUST test with one of these cards (I don't want any of your personal data):

• Visa: 4444333322221111
• Visa: 4911830000000
• Mastercard: 5555555555554444