nightcraw1er.488: If it’s just a token like that, how does GOG know what card to use, and what account to put the game in?
The article posted by
SCPM does a good job of explaining that:
With tokenization, the only data stored on the merchant's network is the token. The sensitive card data itself is stored on a server with much higher security. The token is basically a link to that data. About your comment stating that "there will always be a weak point". I agree. This is technically true about everything in life: there is no such thing as 100% security or 100% safety. Such a thing will never exist. Period. I am not being cynical. A good analogy is this: as a driver, I can be the safest behind the wheel, following every single road rule in the book, taking every precaution to be the best driver on the road, but all it takes is a careless drunk driver on the same road as me and I get implicated in an accident I never asked for. Same for digital security.
Here's a more specific example: my Mom is technologically-challenged. She can barely operate a TV remote (bless her). Does not own an ATM card. Has never experienced the Internet, so no online banking ever. If she needs to pay bills or withdraw cash, she does so the old-fashioned way: presents herself in person to the bank teller. Yet, last year or so, she was the victim of identity theft. Strange for an old lady who has never set foot in the digital era. I was shocked! How could my Mom, of all people, have had her digital identity stolen?! Then we found out why: an employee from her bank took the company laptop to a cafe, decided to go to the washroom while leaving the laptop unattended and it got stolen, along with the personal data of every client at that bank.
Moral of the story? I don't know. LOL! I guess I continue to be as safe as I can be. Like you, I never save my details on any merchant site, nor within my web browser, and I use a pre-paid credit card with very limited funds whenever I shop online. I trust GOG's transaction system, but I also know that nothing is 100% secure. Most credit card companies know this and it's why most have a refund policy for fraudulent purchases.