Please, in the future, whenever talking about PCI compliance, cite chapter and verse. There's more than enough wild speculation running around about it, all sorts of myths are repeated and propagated.
I asked a GetGamesGo employee about the pasting issue and that is what he told me. Let me get the full quote:
"Cut/paste passwords – that’s a stipulation of PCI compliance. We could scrap it, but they ask for it. We have to be PCI compliant on card processing."
I provided as much information as I had available, I do not know the chapter/verse. Apologies if I spread any misinformation, I took this rep at his word.
I have spent a fair bit of time reading the PCI standards and I have never seen such a requirement. I suppose it is possible that some sort of independent auditor is making that call but it isn't in the standard anywhere I can see. (Auditors seem to have a huge amount of discretion here.)
