It's not there to copy but if you used a card it allows one to reuse that card for purchases if one is logged into that account. One could easily purchase a game/games using that info while logged in and gift it to a temp email for selling/reuse. This is why GOG should look into this/people should clear their data after buying stuff(for now).

quick, someone write like me

Weren't there some topics from ppl that had games on their account completely out of the blue some time ago? Maybe same thing happened, but without the buyer realizing that he did not logged into his account.

like me

Really? I thought that would have to be filled in on your end... I use PayPal myself to avoid this unpleasantness (Which requires login authentication every use) but that's.... terribly insecure.

liek, if somewun wanted too taek over my acct i guess it wud bee Fairfox?

Did I do it right?

I've come to remember my full number as I've entered it so many times. Takes longer to enter my name.

Does that work from multiple locations or is it session/cookie based?

I don't have that kind of time, man...though I probably should do more to secure my info, I agree.....but eh my bank usually has my back if bad charges get posted so i'm good for now.

I recommend everyone to delete their payment info from their GOG account until this bug is squashed, though.

So far i've used it in other browsers/on other machines and it is indeed saved across any use of my account.

Good to know! I'll stop saying GOG doesn't store payment info. That used to be the case but is obviously not now.

Read immi101's post above. He summarizes pretty well how it works.

A bit of clarification would be nice, as it would seem you just contradicted yourself(while also providing some good info about checking to save this card as saving the info).

You said the card info is not stored in your database after saying(basically) that checking save this card saves the info somewhere(I would assume you guys/gals don't let just anyone save the info and that the servers doing such/holding such data are at least partially under your control). This means that if you check to save the card info then GOG DOES in fact store your info(even if on another server) if you choose for it to be saved.

The distinction is moot(imo), however, as to who holds the data if someone gains access to your account and such has been saved to it. Either way(whether GOG stores the data or someone else) if it's saved and someone accesses your account they can buy games with it.

That info is good to know, but it says the data is only reverified if one hasn;t used it in awhile. This means that if someone buys often enough and someone gains access to an account with saved payment data they can possibly buy games with it. Also even if the data is a token/encrypted if the before mentioned circumstances occur other people can still buy games with it to resell/use themselves if they have access to your account.

Yes games but not use it on other online shops to buy other things. That is in practise the difference between saving it as the number visible and using the method GOG uses.

The risk is, of course, any criminals buying gift codes.

For those with limited income it's still bad, and even for those with more income it's still not good even if it's just a few bought games.

Basically those who choose to save payment details shouldn't have that feature made into a liability due to a security loophole in the site code/etc.