Well, you don't really store the passwords on your servers, but rather store it on user's own devices (in a keystore, for instance). The user then agrees to push the credentials to your servers periodically instead of typing the password to authorize the payment.