Hi 
I found this pen by a really cool developer: https://codepen.io/mslilafowler/pen/PXbxyx
If I test out the form it already gives me my mastercard credentials (the web browser knows its a payment form). How is that happening?
What I really mean is, if I put this on my website, how can users trust me with their credentials: how do I know it’s safe?
The web browser knows because you’ve saved your details with Google or Apple, it isn’t doing anything super clever: it just assumes it’s a credit card input from the HTML and attempts to autofill with your saved details.
Regarding security, you can’t, but the payments have to go through a payment processor (like Google Pay or Apple Pay or Stripe). The person taking the payments has to be registered with [and is charged per transaction by] them, so if you make a payment it should be tracked and any possible fraud detected quickly. Should being the operative word
If you put this on your website it isn’t going to shouldn’t do anything: in this situation, the card details the user can see should not be ever visible to you without something bad like you’ve made some script that logs their keypresses so you can steal their details.
That’s super explanatory and exactly what I needed to know. Thanks, I learnt a bunch of new things from your answer