It seems that you're using an outdated browser. Some things may not work as they should (or don't work at all).
We suggest you upgrade newer and better browser like: Chrome, Firefox, Internet Explorer or Opera

×
You can now store your card for later use.

When making any purchase with a credit or debit card, you can now select the option to save your card for later use.



If your payment is successful, that card will be remembered for later use. You'll be able to select it during your next checkout without retyping the info every time. Simple, straightforward, and probably very familiar.


We're taking advantage of tried and tested industry-standard solutions used across the world today. Among other things, this means your entered payment data isn't actually kept anywhere on GOG.com. Once your bank approves the purchase, your entered card number is replaced with a unique, encrypted token that can be used only by us to process your future payments, and which cannot be reverse engineered to resolve your card number and data. From time to time, we'll also ask you to verify your information based on a number of security factors, like if you haven't used that card in a long time.

While it's not required, we also strongly recommend enabling Two-Step Login before saving your payment details.

Keep in mind that you can easily remove your saved payment method through the My Account / Orders section. We'll also automatically invalidate all payment tokens for any account that hasn't been used in a long time.


We hope the feature turns out to be particularly useful soon, when you may just feel compelled to click really, really fast.
YOU made me learn my card number gog. And I'll wager my encryption is better. :)
Good that it's optional, could be useful, give it a think over.....Mmmm.
Why don't You add the feature of credit purchase for further use.. You know, like Gamersgate Bluecoins or Greenman credit.
high rated
avatar
hedwards: The way you guys have sold out is absolutely disgusting. Considering all the ecommerce sites that lose credit details to crackers despite allegedly following industry standards, this is just disgusting.
Except that : It's optional and they don't actually store credit details.
Post edited March 17, 2016 by Gersen
I like that it's optional, I like the way they say they'll handle it (is this common practice - the "token" method? And if so, is it any easier to avoid losing data this way?).

I won't be using it (I'm one of the people who found the LACK of requirement for stored information a DRAW when it came to joining GoG).

The best part about this announcement is...

Insomnia!
I know a lot of people asked for this feature, but I can see this ending very badly for some. $6000 in a day kind of bad.
high rated
avatar
hedwards: It's not speculation, the real question here is how well they'll do at securing things. Previously the only information they stored was your email address and password. Now, they're having to somehow store your CC # and address on top of the information they already has. Which means that if somebody does get into your account they get a lot more information than they used to get.
They're not storing your CC # or your address.

If you choose "save this card for later use" and then all security fails and somebody manages to get into your account then the worst they can do is buy a bunch of GOG games as gifts to flog, which can be revoked.
low rated
avatar
hedwards: Now, they're having to somehow store your CC # and address
avatar
JMich: They don't. They store a single unique number, which the bank issues. If that number is used by a specific IP/Store combination, the payment is approved. If it's used by a wrong IP and/or Store, the payment is declined.
I'm skeptical about how well it's going to work.

Plus, they promised they'd never do this so even if it does work well, at best they've sold us out again and are treating us like walking wallets.
high rated
avatar
hedwards: Plus, they promised they'd never do this so even if it does work well, at best they've sold us out again and are treating us like walking wallets.
They said they didn't want to store the credit card number... and that's not what they are doing...
avatar
JMich: They don't. They store a single unique number, which the bank issues. If that number is used by a specific IP/Store combination, the payment is approved. If it's used by a wrong IP and/or Store, the payment is declined.
avatar
hedwards: I'm skeptical about how well it's going to work.

Plus, they promised they'd never do this so even if it does work well, at best they've sold us out again and are treating us like walking wallets.
Yes and no? GOG is trying to walk a fine line between keeping things secure and providing the convenience that customers want. I can see why that's really important for them, and the single-store-code seems like a decent compromise to not store something criminally valuable while letting people one-click buy. They're not storing the CC number, which is what they said they wouldn't do.

That said, I agree that it's disconcerting to see GOG changing to be more like other stores when what got me shopping here was it's uniqueness.
Post edited March 17, 2016 by Gilozard
low rated
avatar
hedwards: I'm skeptical about how well it's going to work.

Plus, they promised they'd never do this so even if it does work well, at best they've sold us out again and are treating us like walking wallets.
avatar
Gilozard: Yes and no? GOG is trying to walk a fine line between keeping things secure and providing the convenience that customers want. I can see why that's really important for them, and the single-store-code seems like a decent compromise to not store something criminally valuable while letting people one-click buy.

That said, I agree that it's disconcerting to see GOG changing to be more like other stores when what got me shopping here was it's uniqueness.
Ultimately, I should probably be thankful because the more changes like this they make, the easier it is for me to not buy games that I'm not planning on playing immediately. Or even games that I am planning on playing immediately.

But, just the sheer hypocrisy of it is rather staggering. Years ago I respected the way they did business and wanted to support them whenever I could, but at this point, they've barely got any more morals than Hillary Clinton.
high rated
avatar
Gilozard: Yes and no? GOG is trying to walk a fine line between keeping things secure and providing the convenience that customers want. I can see why that's really important for them, and the single-store-code seems like a decent compromise to not store something criminally valuable while letting people one-click buy.

That said, I agree that it's disconcerting to see GOG changing to be more like other stores when what got me shopping here was it's uniqueness.
avatar
hedwards: Ultimately, I should probably be thankful because the more changes like this they make, the easier it is for me to not buy games that I'm not planning on playing immediately. Or even games that I am planning on playing immediately.

But, just the sheer hypocrisy of it is rather staggering. Years ago I respected the way they did business and wanted to support them whenever I could, but at this point, they've barely got any more morals than Hillary Clinton.
That's a bit extreme.

I kind of agree about the regional pricing, but polled users apparently cared much less about flat pricing and much more about having more releases, so...democracy in action.

The indie game expansion was definitely a good thing, despite how angry people were about it at the time.

This decision doesn't break any of their promises. GOG promised to never store the CC number and other stealable info, and they're not doing that. They also upgraded site security before doing it.
high rated
avatar
Martek: I expect at some point, card data will be saved even for those that never turn on the option to do so. Worse, there may not even be any indication it happens.

(...)

I know one thing - starting immediately, I'll never enter my "normal" card number again here. It has suddenly become too much of a risk.
If they were to make these decisions in secrecy, wouldn't it make more sense to do so WITHOUT telling anyone ANYTHING about saving? Why do you feel LESS safe after being informed, considering that you assume dishonesty?

That aside, this is a SERIOUS accusation, the likes of which I... have seen before. "They will eventually force people" was bad enough, but "...and they're going to do it behind their backs" implies an enormous level of distrust. Sheesh...

avatar
Martek: But I know this - I remember when signed certificates became a thing - I opined that they would get hacked and used for nefarious purposes. Of course, all the techies I knew said "HOW WILL THEY DO THAT?". I didn't know.
Have you considered "fortune teller" as a career choice? You seem to be good at making predictions (that technically will either be true or unfalsifiable).

avatar
hedwards: Plus, they promised they'd never do this (...)
They promised never to generate tokens ;)?
Seriously, I can't believe the degree of illiteracy in the comment section. Between people who are convinced that they will now store credit cards and those who believe straight-up hashes are the solution, there seems to be little hope for reading comprehension.
Entering the number can be a risk. Tokens mean that it can be done once. The credit-card number cannot be retrieved from the token, so it's just a GOG-limited option to pay using the same method as initially. It's optional, can be revoken, the website supports two-step verification to weed out suspicious activity... What the fuck do you people actually want?
high rated
avatar
Martek: I expect at some point, card data will be saved even for those that never turn on the option to do so. Worse, there may not even be any indication it happens.

(...)

I know one thing - starting immediately, I'll never enter my "normal" card number again here. It has suddenly become too much of a risk.
avatar
Vestin: If they were to make these decisions in secrecy, wouldn't it make more sense to do so WITHOUT telling anyone ANYTHING about saving? Why do you feel LESS safe after being informed, considering that you assume dishonesty?

That aside, this is a SERIOUS accusation, the likes of which I... have seen before. "They will eventually force people" was bad enough, but "...and they're going to do it behind their backs" implies an enormous level of distrust. Sheesh...

avatar
Martek: But I know this - I remember when signed certificates became a thing - I opined that they would get hacked and used for nefarious purposes. Of course, all the techies I knew said "HOW WILL THEY DO THAT?". I didn't know.
avatar
Vestin: Have you considered "fortune teller" as a career choice? You seem to be good at making predictions (that technically will either be true or unfalsifiable).

avatar
hedwards: Plus, they promised they'd never do this (...)
avatar
Vestin: They promised never to generate tokens ;)?
Seriously, I can't believe the degree of illiteracy in the comment section. Between people who are convinced that they will now store credit cards and those who believe straight-up hashes are the solution, there seems to be little hope for reading comprehension.
Entering the number can be a risk. Tokens mean that it can be done once. The credit-card number cannot be retrieved from the token, so it's just a GOG-limited option to pay using the same method as initially. It's optional, can be revoken, the website supports two-step verification to weed out suspicious activity... What the fuck do you people actually want?
A pony.
high rated
Some of the posts here are unbelievable. It's an optional feature, and they are NOT storing your card info, even in encrypted format, just a token. Having been through this myself, it doesn't even open up GOG to a higher level of PCI compliance than what they were doing previously (pass-through).

There is still a danger of a hack getting your card info - a hack on the bank or service issuing the token, not a hack on GOG. I will not be using the feature myself because of this, but in no way does that have anything to do with GOG, and is a global issue for ANY site or bank offering this kind of feature.

And for the conspiracy theorists talking about putting in 2-factor authentication, site-wide HTTPS, and now remote card storage.. being in software and web development myself, I can understand a push to "modernize" security and payment options without it being fueled by a desire to siphon away your money.

Thank you GOG developers for your hard work. Now as others have mentioned, please bring on the OLD games :)