“Though I have a tolerably good handle on e-commerce software, I’ve not written much of it myself. In this respect, I’m not one to know what’s going on under the hood at any given site: maybe there is a reason why something works the odd way it does. But I’ve observed one technique that has been nearly universal: the practice of refusing to allow spaces or dashes in credit card number entry fields…
Credit card numbers are always printed and read aloud in groups of (usually) four digits, and when verifying a number after entry (which involves looking back and forth between the card and the web form) one uses the spacing to resynchronize. If there were some security or integrity reason for disallowing these characters, I guess I’d buy it, but I’ve not found a single good reason for it. The consensus among those that I’ve spoken to is that it’s nothing but lazy, sloppy programming. I completely agree.”