It’s often considered good usability to include default text in a form text input field, however if you don’t go the extra step to clear the form when the user clicks into the field to begin typing, you force them to first delete your default text before entering their own values.
In short – you can’t. Or at least not if you want to be PCI compliant. In order to pass a user’s personal information through a secure encrypted channel, you will need to collect that data on an IFRAME application page. No two ways about it. Here’s why: