I do not like how the Braintree payment thing under the paypal button saves your credit card without your permission and how it doesn't ask for your 3 digit security code at the back of the card. I go to buy $5 more of CSC and I noticed that my card had been saved and I didn't get asked for my security code the first time around either.

Please change this! It's very unnerving and very dangerous! Please do not let it save your card without permission, nor please don't let it not ask for that security code. it makes it VERY easy for someone to charge your card without the owner's doing so!

This is not subeta's doing, it's Braintree.

is working on the fact that it saves your information without permission. She thought it was set up to not do that and apparently it wasn't, so that will be fixed (she talked about it in the news post comments)

But the security code thing is because of Braintree (which is run by Paypal, or the other way around either way) and I've noticed that Paypal does it too. That said, I've never had an issue with using my card through Paypal/having my information saved there so I personally am not worried.

with paypal's page, though, you have to log in so i'm not worried about that. With this Braintree thing, however, there is no login or anything. Even though it's run by Paypal. If there's no password necessary for Braintree, then that code should be asked for every single time.

would you please ensure that Braintree asks for that 3 digit security code like Stripe did, or at any rate ask Paypal to get that implemented?

They would still have to get into your Subeta account though = a password ?

And again, it's due to braintree's settings. It's likely not something subeta can change.

even so, if you had to leave your computer or portable device for whatever reason and couldn't log out, it gives people a perfect opportunity to go spending on here...it's just added security. You can never be too careful.

Braintree is owned by PayPal, so I would trust them as much as the parent company. From my understanding, the entire concept of Braintree is to make online purchases much easier and faster ("One Touch").

The security code (CVC/CVV/etc. codes) is not something required by credit card companies to complete a purchase; instead it's up to the merchant (Braintree I believe, in this case) to request it or not. Companies cannot store these codes (per the PCI Data Security Standard), so it makes sense that this feature would not request it (to cut an extra step).

If you are concerned about it, I would suggest using the regular PayPal option that requires you to actually login to their site. Oh, and not sharing your Subeta password.

Though perhaps a warning on the CSC purchase page might be helpful and an easy way to remove it from your saved options.

Right, but what are the chances someone is going to assume you have your credit card information stored on a pet site? I wouldn't assume that and I HAVE my debit card information stored on a pet site (not to mention, Stripe saved your information if you chose to have it saved so it wouldn't be any different even though it asked for the CVC upon saving a card. This is not about the fact that information is currently stored without permission).

Not to mention, what good would it do them if all they could do is buy fake money on a pet site.

Then if Reya is correct and it's only required by the company, if anything, Braintree should require you to enter your PayPal Password so that it can ensure that it's you buying and not someone who's gotten a hold of your credit card info and just wants to run your card up just because

You can enter your paypal password...if you choose to pay by paypal :p

that isn't the point. I'm severely concerned about the safety and security of this so-called "better" method. If Braintree doesn't ask for any kind of validation that states that yes it's the card holder that is making this purchase, then how can it, in reality, be a safer, better way to pay? It's not. BOTH methods of purchasing should be equally as secure. Paypal asks for your paypal account password. Braintree should have something that acknowledges that it's you, not someone else, making that purchase, outside of the fact that you've logged into Subeta with a password. That goes without saying. You can't use the site (Subeta) without logging in. Same should be with this Braintree. You shouldn't be able to make a purchase without logging in or validating the purchase in some way in addition to the credit card.

There's no way for someone to get your credit card number once it is entered/saved. So unless this person who gains access to your account on Subeta wants to purchase CSC on your account, it's going to do them no good. I'm going to assume the people you're concerned about getting into your account by mistake aren't going be be familiar with this site and have any reason to know how to purchase CSC or a reason to do so.

To add: Many other sites have this feature, you're just not use to seeing it on this type of site. For example, Amazon has a one-click option that I use all the time.

I am just confused. Cause if you don't mind using Paypal and/or you want the more secure method, then use that and you should be fine. It is your choice to use the other faster method and it is for people who want to skip a step. It is nice if you do your purchases from home and don't have other people on your computer.

If you're concerned about the safety then that is a good reason to not use it. It is like saying that you don't trust the safety of a Smart Car and that no one should be able to have one because you don't trust it...just don't buy or ride in a Smart Car.

If you have a paypal account and for some reason still don't trust another payment method also run by paypal, why don't you just pay through paypal?

that's not the point I'm trying to make. If someone, somehow, gets someone's credit card number without the owner of that card knows it and knows that that person plays Subeta, what would stop that person, if they discovered that their friend didn't log out of their Subeta account to go joyriding on their account buying CSC without their authorization? Or, worse, use that same credit card to buy CSC on their own personal account on Subeta if they both played? If there was a password required for that card, which, in all honesty, should have an account attached to it (braintree should have a sign-up thing), then it would keep it safe.

I may be playing devil's advocate, but every possible angle should be looked at. In this day and age you should be looking at every possible angle.

Then I suspect that person should be making a phone call to their credit card company to report it as fraud. (Or, they could do it through PayPal - I heard they're pretty good about that stuff).

I'd like to believe that anyone who gains access to your credit card number that would consider purchasing CSC on a site like this with it, would actually have touched the physical card at one point - and was therefore able to write down the CSV number as well...

I noticed that when I used Pay pal it did the same thing. The log in info is still there on my screen after purchase. Will this also be changed? I know it says change payment method but I do not really want it saved on here.

People, if you feel unsafe about this information being disclosed, clear your cookies after purchasing.

This is something that is not on Subeta's end, but Braintree. Keith has all of the good intentions, but I'm not expecting him to be able to make Paypal/Braintree change how they do things.