by clan 3229 days ago
I have always hated the thought that retailers stored my credit card information. Seems to be very common with US based shops.

If this gets any traction I will need to fight even harder to opt out.

I yearn for the day I can have one off transaction codes.

7 comments

These days the retailers don't (or shouldn't) store it. They store a token that the payment processor (e.g. Stripe) uses as a key to the card data that they store.

If you as a retailer have your checkout page set up properly, the actual card data never hits your server.

That only makes it slightly better. It is still stored at the payment provider. Hopefully they are better at safeguarding my data.

But if I only supplied a token with a value I determined, I would not have to worry.

If you're sufficiently motivated, you can do this today with Virtual Credit Card Numbers: https://en.wikipedia.org/wiki/Controlled_payment_number#Virt...
> But if I only supplied a token with a value I determined, I would not have to worry.

You mean the username and password for the site you've logged on to? ;-)

No, your credentials don't have a defined monetary value.

A temporary card number can be configured with a fixed value you specify; most banks provide the service for free.

You can also buy a Visa or AmEx gift card, and use that.

My company does $1m in sales annually. Stripe requires 7 days to close payments (versus 1d for other merchant accounts).

The extra $16k of float that Stripe requires is not worth it for me. This is why we have credit card numbers come to our server.

If you're based in the US or AU, we have a 2-day rolling payout schedule: https://stripe.com/docs/payouts

We're working to speed this up for other countries!

Stripe is a tiny payment provider that is smaller than any major e-commerce site.

Most of the major sites do store card information and they go through the annoying PCI DSS compliance to be allowed to do just that.

You mean like a temporary credit card number valid for a small period of time or valid for a specific vendor?

We have those (at least in America), and have for many years. Services like "ShopSafe".

They also create many hassles and headaches. Can make returns difficult, validation difficult (please show the card used, what, it's a virtual card?), and the rigor may not be great (reoccurring charges on "invalidated" numbers, etc).

Yes - exactly. And with a specified amount so I am safeguarded from any surprises.

I have never seen a service like that - so (I think) it is mainly on your side of the pond.

My Swedish bank also supports it so it's not unheard of in Europe either.
Online virtual credit card #'s with specific values have pros and cons for sure. We process $millions of these for e-commerce: https://www.abine.com/maskme/features/cards/ #disclaimer I work at Abine.
I know virtual credit card numbers are a thing, but on the other hand I just solve it by having a different CC for subscription payments vs everyday transactions. If the everyday card has fraud and I need to change the number, no skin off my back. If the subscription card needs to be changed, I have a convenient list of everyone I need to contact because it sees the exact same charges every month.
Why don't you like retailers storing your card? You get all the convenience with none of the risk (if there's any fraud the merchant eats all of it!).
For credit cards this is the case.

For debit cards, the dispute process is called Reg E and the consumer is out the money for a month or more until decided in their favor. So there's risk in storing a debit card number.

"if there's any fraud the merchant eats all of it!"

- Not 100% true; see "fraud Liability Shift topics". Your card issuer gets it if it's an EMV (i.e. chip was dipped) card-present transaction; the merchant gets the liability if it was online or over the phone, the exception being if 3DS is used. Fraud is ultimately paid for either by your bank or by the merchant.

If the chip is present, then the merchant storing the card info is moot, no?
No, because they can be breached, leading to other transactions appearing on your card.
Because I would need to detect the fraud first. And fraudsters tend to be clever!

I hardly ever use cash anymore so my bank statements have a lot of action going on.

How closely do you monitor those?

This is an astoundingly naive view of what credit card fraud costs. The merchants are not doing this charitably. Your cost will be amortized somewhere.
Of course the products are all marked up to cover the fraud, but it's not like you can opt out of that markup so you might as well take advantage of the convenience.
Surely you can see that an adoption of this strategy results in an inefficient allocation of resources...

It doesn't truly benefit you, hurts the merchant, increases prices for everyone.

I would prefer a push based system like Bitcoin where I can assume 100% control and liability at near-zero cost but I know I'm in an extreme minority.

People love zero liability so that's where we are and we all have to pay for it.

If your card vendor does this stuff. Depending on where you live, this might not be true.
That would be a great USP for a payment provider, sadly, most banks aren't interested in anything new.
Many banks (including e.g. BofA) have exactly this, they're called Virtual Credit Cards.
Welcome to the future :) I'm a huge fan of http://getfinal.com/

Edit: for clarification, yes, for in store, my card is the same card and I can't easily generate a new number to swipe at a POS, but online & via app I manage 1-time payments (generated card number shuts off after successful charge) or 'Merchant Locked' card numbers that will only work at that merchant and which I can shut off any time.

With this I'm much more comfortable giving out my CC to a shady/basic website if I'm concerned (i.e. buying mulch from the company's barebones website).

That's Apple Pay in a nutshell.