Saving credits card data would just be a security liability, a service like GOG is much safer without it

If everything go as planned tough, store credits, the "money" you get back when purchasing something with unfair regional price or when getting a refund, will give a similar service if the user want

https://www.gog.com/support/website_help/store_credit

Point 6 seems to suggest just that, would probably need to remove the expiration time of one year tough

I like the way GoG handles it, its not tooo much Info to enter and i don't want to store my data there. Steam is way more annoying with lots of fields to enter, if you don't store CC infos ;)

I prefer it as is - they don't save the info.

Even an 'option that defaults to don't save' is risky - as websites fail at their own settings regularly - so it would just be a matter of time before it 'saved' what wasn't supposed to be saved - and likely with no indication it did so.

So I'd prefer them just to keep 'not save' and not have any option otherwise..

Believe it or not, this was a draw for me as well. I waited a long time to join GoG and the fact that they don't store my payment information was one of the things that finally made me take the plunge. Everything they do is very consumer friendly in my opinion.

NNNNNNNNNNNNNNNNNNNOOOOOOOOOOOOOOOOOOOOO!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
and
NNNNNNNNNNNNNNNNNNNOOOOOOOOOOOOOOOOOOOOO!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

That convinced me too. Hopefully, it'll never change.

Never mind, double post. Apparently, it takes 23 minutes for GOG to post all my attempts at replying.

That convinced me too. Hopefully, it'll never change.
That convinced me too. Hopefully, it'll never change.
That convinced me too. Hopefully, it'll never change.

It should still be an option.

As long as you use a credit card (and not a debit card) you are covered.
The biggest problem with these breaches is that when people store their debit card info - that's linked directly to their bank account and the money is gone. Yes, you can get it back by filing a claim, etc. - but you are still out of that liquid cash and the time it takes to make you whole again. With a credit card, you simply dispute the charge.
Just like everything else in life, as long as the risks are acceptable to you - then you should have the option.

Certainly not going to change my opinion of GOG, but I just think it should still be an option to the individual whether or not they want to save their credit card information (and not saving the 3-4 digit security code is perfectly acceptable) in the client that's installed locally on their machine.

Storing it locally in the client would be a nice option, but I don't think any online or client-based store actually does that. They store the CC info on servers at their end, which is an insanely stupid method of doing things, but for some reason is still generally accepted.

*IF* they OPTIONALLY stored it locally in some Secure™ fashion I could live with it (if I knew 'where' it was and could delete it manually at will).

But if they would store it 'in the cloud', 'on their server', or what-have-you, then NO NO NO - not even as an option. It is inevitable the 'setting' would FAIL at some point (probably silently and without notice) and thus even those that would decline the option would then be stuck with the effects of a data breach they were diligently avoiding (all for the cost of some minor convenience for others). Not acceptable!

"As long as you use a credit card (and not a debit card) you are covered"

NOT GOOD ENOUGH.

I don't want to be 'covered'. I want to AVOID the issue - completely.

Being "covered' means what? It means (in the case of a data breach) - 1) Typical 'free one year of credit monitoring' 2) Having to hassle with the CC company if something 'slips through'. 3) Then make sure the breach doesn't 'affect' your credit. 4) Then having to hassle with the credit bureaus to 'recover'.

NONE of that is worth the hassle of saving someone some minor convenience. Not even close.

YOU can probably find some 3rd party 'plug your data into the form fields' proggy to do this for you if you really need it. Heck it may even be built-into something you already use (I don't know because I don't use that stuff and turn off all 'auto-fill forms for me' stuff)

Go that route if you really need the minor convenience (and/or can't just remember your cc info like many of us and thus type it in very quickly when needed).

No, it really shouldn't.

While GOG doesn't store any data, they are very low priority for breaking into (as there isn't much reward in doing so). As soon as they store this data for anyone, suddenly, they become interesting and GOG don't have a track record of creating robust systems for anything (we have games vanishing off people's account, not sanitising user input leading to XSS attacks, people being able to sign up with usernames that already exist, MitM attacks being possible on all topics posted before 2015-01-01).

Not storing this information is one of the smartest thing they do.

Solved thread, but I thought I'd drop what I know on the subject as it might prove useful to some.

Generally speaking, storing credit card info on servers which are not rigorously audited for security practices on a regular basis is an extremely bad idea. It is also illegal in the USA unless you have applied for and passed PCI compliance.

That said, many sites that do have the option to store your credit card information for later use are using payment processor sites that give a token for retrieving the data which is stored on PCI-compliant servers. For example, Humble Bundle uses Stripe to process their credit card transactions, and they give the option to store your card details. However, your card details are NOT stored on Humble Bundle's servers, they are instead stored on the much more rigorously secured and PCI-compliant Stripe servers which issue one-time encrypted security tokens for retrieving your card info. At no point does Humble ever know or store your card information -- it all goes directly to Stripe.