Oh clearing cookies and stuff is a good idea. I removed my saved card on Paypal cus I wasn't happy that the information was not only on my computer when I went to the shop but also my phone without me even reentering it. And if someone buys a ton of CSC on me that just means I have to buy more CWs. THAT NEVER GOOD. LOL But the removing cookies is a good suggestion. :)

That's not actually possible in any way, shape, or form. They cannot see your credit card information. All they get is the last 2 digits of your card. If they can somehow guess all of the other digits in your card, as well as the expiration date, then I suppose they could use it - but you can also report it as unauthorized use to your credit card company, Braintree, and Subeta.

There are numerous workarounds to remove the stored info - as provided by staff on this thread.

Also you don't have to use this option - you can continue to use PayPal, which requires the login that you want. Most stores don't check ID so realistically, anyone can steal my credit cards and use them at the store and nobody would be the wiser until I noticed purchases. The CVV code really is not all that helpful for a large majority of things. All it means is that you know it, not that you have the card.

And on a side note - once I stored my card with Stripe, I was not asked in any way, shape, or form to confirm who I was when I clicked the "Buy CSC" button. This is no different whatsoever. Just because Stripe asked me one time to provide my CVV does not mean that someone still couldn't just open my browser and come buy CSC on here (although why anyone would want to buy me more CSC on my own account is beyond me - what benefit would that even have for them?). The argument that someone could do that because the information is saved and didn't ask for CVV initially is invalid to anyone who already used the previous quick option.

I'm with - I'd be way more concerned that they'd go to town on Amazon. I should probably log out of there more often but then it inconveniences me hahaha. Plus my computer sits here safely at my house - if they break into my house I'll be reporting a lot more than just an unauthorized credit card purchase stares at my electronics and frets

So...honestly what I'm getting from this is that you want better security, but you don't want to change any of your own habits in order to be more secure. You have been given numerous alternate options, and you've been given explanations of how/where your credit card info is saved. You've established that you don't want to log out regularly or clear your cookies, because it would be a nuisance. But how much work do you think it'd be for Subeta staff to convince Braintree to change how they do things?

Also, you want some kind of proof that it's the cardholder entering the info? The only way to do that would be to have a video call with somebody at Braintree, show them your ID, and show them that your name on your ID matches your credit card. If I stole somebody's credit card, I'd have all the info I need right there to make purchases. The point is that I would be /caught/.

I've mentioned many times over that when you buydirectly through PayPal, you're required to login your PayPal account information which should be separate from your Subeta information. That's how you verify that you are tge card holder. Another way to put it is that it's the security gatekeeper.

With Stripe, if you saved your information, you were asked to enter your cell phone number so that a security PIN could be texted to your phone. If you don't have a phone, they asked for the CVC number. While I am aware that that number is not necessary for transactions, if someone got a hold of your card by any other way (credit card statement, PIN pad theft {remember that PIN pad theft from US Targets?}, or any other way extreme or not), other than having the card directly in your hands, that CVC number isn't there. Entering that number into Stripe's pay page gave you the added security.

With Braintree there is no sign up, there is no password protection outside of your Subeta login information, and there's no request for the CVC number. That means that anyone who has your credit card information can easily make a purchase. Even if you clear your card information by clearing your cookies and cache, it won't make any difference if someone already has your card. With all the news that has been around regarding credit card theft and use, I'm actually horrified that this Braintree payment option hasn't taken better security precautions. It's way too great an invitation for people to spend on your card.

It doesn't even matter what method of payment that you choose. Change the method of payment and the person has free access as long as they have the name and number on the card.

At the moment, I can't even find a way to change the payment option. All I can seem to use right now is Braintree. All I get when I try to change options is to add another card.

I honestly don't know why so many people aren't seeing red flags with Braintree, no matter who they're owned by, because not having any proper security methods taken is something that should be highly questioned. To me, a company being owned by another, no matter how trusted that company that owns the others is, if the same precautionary methods are not taken, then how can they be the same level of security as the company that owns it?

I always make sure that all bases are covered, in regards to security, before I go ahead and put my card online. I trusted that Braintree was the same as PayPal...and security-wise, it's not the same at all.

Most public places (libraries, hotels, etc) may not even let you have access to clearing cache and cookies. So you can't even do that easily.

I don't care if I'm part of the minority group where the few like me really want the best form of security for our cards. The fact of the matter remains - if all you need to provide is a credit card number and the name on the card, where's the security in that?

You're putting your card number out there. If even one person feels unsafe using a particular method or how a particular method works, then safety and security of that method should be re-evaluated. Why have passwords been implemented? For added security. Braintree not having any password protection should be enough to question how they operate.

If you don't see the blue paypal button, then you might have an add-on that is blocking it...

that's only a side note. It's not my whole issue here. Also, I could see the button before I decided to try this Braintree method, now I can't see anything else but the option to use Braintree.

Side note, if you pay through Paypal without logging in (which I'm not sure is possible specifically on Subeta, but I have used it in the past plenty of times), it doesn't ask for your CVC there either. So I'm not surprised that they don't ask for it for Braintree payments.

In this specific situation, if .1% of people have issues with something, maybe it's not the something that's the problem.

Does this help any? Here's what it looks like on my screen- a paypal button that you can't miss. It brings up a window to sign into paypal.

I didn't even notice the CVV was added until just a little while ago...and my posts were long since made before I noticed that the CVV was being asked for. So I'm grateful that this has been implemented. Very grateful.