In short – you can’t. Or at least not if you want to be PCI compliant. In order to pass a user’s personal information through a secure encrypted channel, you will need to collect that data on an IFRAME application page. No two ways about it. Here’s why:
Using SSL in a Facebook Application Tab
U