[Mordisquitos]

> But from a technical perspective, nothing is stopping a merchant from accepting your CC details directly.

From a technical perspective, no, nothing is stopping the merchant from asking you for a string of numbers and a month/year date, storing it, and believing that "technically" they can send it to the Stripe API to charge you.

That's when they will realise that, from a business perspective, there absolutely is something stopping them: that they literally cannot do any business whatsoever with your CC details directly, unless they are fully PCI compliant to the same level as an actual PSP.

[the_sleaze9]

I had a job waiting tables when I was a teenager when my co-worker got busted for writing down credit card numbers and info when she took the tables' cards to charge them. Apparently she had racked up over 100 thousand in fraud over time.

What stops a business from doing the same thing?