by jerf 4652 days ago
The credit card is designed for the use case of reading it out over the phone. Part of the reason they aren't free is that credit card usage includes insurance fees against fraud and such. By design, the credit card is designed to be used in an only "mostly secure" manner.

This goes back to the fact that security is not about building impenetrable walls around the thing being secured, and if there's the slightest breach the security is "failed". It's about raising the costs of penetrating the security above the value of penetration. When computers aren't involved [1], it's "hard enough" to gather enough cards to make fraud worthwhile, and even harder to get away with it. (Not impossible... just "hard enough".)

[1]: One of my favorite personal sayings: "To err is human. To fuck up a million times per second, you need a computer." Fraudulently obtaining ten cards by working as a waiter and stealing them over the course of a day is one thing, stealing 25 million in ten seconds from a computer is quite another.


If it can be read over the phone, or written on the outside of mail order catalogs, why is it not OK to send it via email?

Reading it over the phone, people around you can hear it, and say you have children who then go on to use it, are you going to call that fraud (and potentially have something brought against your children)?

Because the physical distance your voice can be heard is a much, much smaller pool of people, and it is safe to assume that it generally excludes credit card fraudsters. Edit to add: This is also why it is suggested that you wait until you are off the subway to make a purchase over the phone, for example. Who knows who's listening.

Email is available world-wide. Email is not generally secure, and the message is not protected as it is sent on the wire. It is not very difficult for a determined attacker to harvest your email and scan it for common structured data like credit card details. The potential audience here is much, much bigger and is made up of many sharks.

If your kids use your card, it is easy to control; you can probably return the purchases and clear up the matter yourself. If a mob in Russia gets your details and starts making fraudulent charges, chances are that either Visa or your bank is going to have to just give you the money to cover the fraud, with no realistic recourse of recovering it themselves.

"It is not very difficult for a determined attacker to harvest your email and scan it for common structured data like credit card details."

In particular, let me highlight that scan part. The attacker in question is probably not attacking you personally... the hacker is simply spreading a dragnet as wide as possible and running a simple RE over the whole thing. The odds that a hacker is attacking "your" email are low; the odds that your email is part of some dragnet somewhere are non-trivial, in a world of botnets and rampant compromises.