I have developed a website for a customer that takes credit card transactions over their site using a secure shopping cart program. They also use within their site, a password protected page which only their "dealers" may access using a password they get by calling my customer first. That's all working fine; however, my customer is being charged extra by the credit card company they use because this password protected page is failing a security scan.

This is the result of the security scan: "The remote web server contains several HTML form fields containing an input of type 'password' which transmit their information to a remote web server in cleartext." The password protected page has nothing to do with credit card information being input. It's just to access a different webpage not everyone should see.

My question is: How do we get around this security issue yet keep the password protected page?

Thanks. Any help is appreciated.